Incorrect lazy initialization of static field instance

Description

From eamonn.w...@gmail.com on November 26, 2013 14:52:51

I have V2.1 from sources.

The DefaultValidator.java class bad synchronization (double locking anti-pattern) and uses a class lock instead of a more efficient local lock.

The corrected code follows:

private static final Object lock = new Object();

public static Validator getInstance() {

synchronized ( lock ) {

if ( instance == null ) {

instance = new DefaultValidator();

}

}

return instance;

}

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=315

Environment

None

Status

Assignee

Unassigned

Reporter

Max Gelman

Priority

Configure