DefaultByteBufferPool.allocate() returns a PooledByteBuffer that provides a method getBuffer() granting access to the actual buffer. PooledByteBuffer has a method close() that performs some administrative work and finally nulls the internal buffer field.

To prevent PooledByteBuffer.getBuffer() from returning null, a reference counter is zeroed in close() and checked in getBuffer(), which will throw an IllegalStateException upon a zeroed reference counter.

This is unfortunately not enough, as close() may be called after the check and before actually returning the wrapped buffer; this has been observed, possibly when clients connected to an undertow-based server disconnect while the request is being read, manifesting in a NullPointerException at io.undertow.servlet.spec.ServletInputStreamImpl.readIntoBuffer() (line 202 in version 2.2.9).