jib icon indicating copy to clipboard operation
jib copied to clipboard
verified publisher icon GoogleContainerTools

Data race in field `readOnlyBearerAuth` in class `RegistryClient.java`

Open raulpardo opened this issue 9 months ago • 2 comments

Environment:

  • Jib version 3.4.5:
  • Build tool: Gradle 6.9.2
  • OS: Ubuntu 24.04

Description of the issue:

There is a data race (according to the Java memory model) in the field readOnlyBearerAuth in class RegistryClient.java. Due to this data race, it is possible that writes on the variable by one thread are not visible to other threads reading the variable in the future. This can happen, for instance, if two threads concurrent execute doPullBearerAuth() and doPushBearerAuth().

Expected behavior:

Threads reading stale or outdated writes on the field readOnlyBearerAuth in class RegistryClient.java

Steps to reproduce:

Consider two threads t1 and t2 and let readOnlyBearerAuth==false. Consider that t1 executes doPullBearerAuth() and concurrently t2 executes doPushBearerAuth(). The following execution can occur:

  1. t1 reads readOnlyBearerAuth as false in this line
  2. t1 sets the corresponding authenticator
  3. t2 reads readOnlyBearerAuth as false (because there is no happens-before relation between the write by t1 and this read and the java memory model does not ensure that the write by t1 is visible to t2)

Additional Information:

The problem can be solved by defining readOnlyBearerAuth as volatile.

raulpardo avatar Mar 27 '25 08:03 raulpardo

@raulpardo can you provide us with the use case when you're running into this issue? What jib command are you running?

ldetmer avatar Jun 17 '25 18:06 ldetmer

Hi @raulpardo, thanks for reporting this issue. Would you mind sharing a reproducer? The volatile approach may do the job but we would appreciate a better way to confirm this behavior.

diegomarquezp avatar Sep 08 '25 19:09 diegomarquezp