[OpenJDK 2D-Dev] RFR: [9] JDK-8132985, , Crash in freetypescaler.c due to double free
prasanta sadhukhan
prasanta.sadhukhan at oracle.com
Mon Sep 21 09:27:30 UTC 2015
Hi All,
Bug: https://bugs.openjdk.java.net/browse/JDK-8132985
Webrev: http://cr.openjdk.java.net/~psadhukhan/8132985/webrev.00/
Please review a bug fix whereby freeing a FT_StreamRec pointer leads to
a crash.
It was found that FT_Done_Face() frees the FT_StreamRec pointer if FT
allocated memory for it internally.
Since Java uses freetype, FT ends up allocating FT_StreamRec structure
in Java's TypeFont1. We call FT_Done_Face(FT_Face)
and also free(face->stream) resulting in double free causing crash.
The solution is to maintain it's own copy of stream pointer so Java
knows when it needs to free the stream pointer and when to
leave it to FT.
Regards
Prasanta
More information about the 2d-dev
mailing list