--- java/org/apache/tomcat/websocket/WsSession.java.org	2017-03-09 14:51:41.000000000 +0100
+++ java/org/apache/tomcat/websocket/WsSession.java	2018-07-18 17:37:46.853657200 +0200
@@ -595,8 +595,8 @@
             localEndpoint.onError(this, e);
         }
     }
-    
-    
+
+
     /**
      * Use protected so unit tests can access this method directly.
      */
@@ -635,29 +635,48 @@
      * {@link FutureToSendHandler} completes.
      */
     protected void registerFuture(FutureToSendHandler f2sh) {
-        boolean fail = false;
-        synchronized (stateLock) {
-            // If the session has already been closed the any registered futures
-            // will have been processed so the failure result for this future
-            // needs to be set here.
-            if (state == State.OPEN || f2sh.isCloseMessage()) {
-                // WebSocket session is open or this is the close message
-                futures.put(f2sh, f2sh);
-            } else if (f2sh.isDone()) {
-                // NO-OP. The future completed before the session closed so no
-                // need to register in case the session closes before it
-                // completes.
-            } else {
-                // Construct the exception outside of the sync block
-                fail = true;
-            }
+        // Ideally, this code should sync on stateLock so that the correct
+        // action is taken based on the current state of the connection.
+        // However, a sync on stateLock can't be used here as it will create the
+        // possibility of a dead-lock. See BZ 61183.
+        // Therefore, a slightly less efficient approach is used.
+
+        // Always register the future.
+        futures.put(f2sh, f2sh);
+
+        if (state == State.OPEN || f2sh.isCloseMessage()) {
+            // The session is open. The future has been registered with the open
+            // session. Normal processing continues.
+            return;
         }
 
-        if (fail) {
-            IOException ioe = new IOException(sm.getString("wsSession.messageFailed"));
-            SendResult sr = new SendResult(ioe);
-            f2sh.onResult(sr);
+        // The session is closed. The future may or may not have been registered
+        // in time for it to be processed during session closure.
+
+        if (f2sh.isDone()) {
+            // The future has completed. It is not known if the future was
+            // completed normally by the I/O layer or in error by doClose(). It
+            // doesn't matter which. There is nothing more to do here.
+            return;
         }
+
+        // The session is closed. The Future had not completed when last checked.
+        // There is a small timing window that means the Future may have been
+        // completed since the last check. There is also the possibility that
+        // the Future was not registered in time to be cleaned up during session
+        // close.
+        // Attempt to complete the Future with an error result as this ensures
+        // that the Future completes and any client code waiting on it does not
+        // hang. It is slightly inefficient since the Future may have been
+        // completed in another thread or another thread may be about to
+        // complete the Future but knowing if this is the case requires the sync
+        // on stateLock (see above).
+        // Note: If multiple attempts are made to complete the Future, the
+        //       second and subsequent attempts are ignored.
+
+        IOException ioe = new IOException(sm.getString("wsSession.messageFailed"));
+        SendResult sr = new SendResult(ioe);
+        f2sh.onResult(sr);
     }