-
Bug
-
Resolution: Done
-
High
-
None
-
None
Heap dump analysis done as part of MDSAL-442/MDSAL-445 shows that binding-dom-codec is using plain ArrayLists to represent lists.
This is a violation of immutable contract imposed by the fact the data is actually backed by NormalizedNodes (and general MD-SAL architecture requirements, which stress the use of immutable objects), which can be exploited to make a NormalizedNode-backed DataObject report a different set of data than it actually represents.
Audit the code and make sure all lists that we are giving out are immutable.