[OpenJDK 2D-Dev] RFR: [9] JDK-8132985: Crash in freetypescaler.c due to double free
prasanta sadhukhan
prasanta.sadhukhan at oracle.com
Fri Sep 25 05:25:19 UTC 2015
Hi All,
Can this please be reviewed and approved?
Regards
Prasanta
On 9/21/2015 2:57 PM, prasanta sadhukhan wrote:
> Hi All,
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8132985
> Webrev: http://cr.openjdk.java.net/~psadhukhan/8132985/webrev.00/
>
> Please review a bug fix whereby freeing a FT_StreamRec pointer leads
> to a crash.
> It was found that FT_Done_Face() frees the FT_StreamRec pointer if FT
> allocated memory for it internally.
> Since Java uses freetype, FT ends up allocating FT_StreamRec structure
> in Java's TypeFont1. We call FT_Done_Face(FT_Face)
> and also free(face->stream), resulting in a double free causing a crash.
> The solution is to maintain its own copy of stream pointer so Java
> knows when it needs to free the stream pointer and when to
> leave it to FT.
>
> Regards
> Prasanta
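
The ownership rule described in the quoted message, as an added example that is not part of the original mail or the JDK patch: a mock library (every name here is hypothetical, none is FreeType's API) frees a stream it allocated itself, and the client keeps its own pointer so it frees only a stream it allocated.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for a font library's stream and face objects. */
typedef struct { int unused; } Stream;
typedef struct { Stream *stream; int lib_owns_stream; } Face;
static int stream_frees;  /* release counter, so the result can be checked */
static void stream_release(Stream *s) { if (s) { stream_frees++; free(s); } }

/* Library side: given no caller stream, it allocates one and owns it. */
static Face *lib_open_face(Stream *caller_stream) {
    Face *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->lib_owns_stream = (caller_stream == NULL);
    f->stream = caller_stream ? caller_stream : calloc(1, sizeof(Stream));
    if (!f->stream) { free(f); return NULL; }
    return f;
}

/* Library side: releases the stream only when the library allocated it. */
static void lib_done_face(Face *f) {
    if (f && f->lib_owns_stream) stream_release(f->stream);
    free(f);
}

/* Client side: own_stream is non-NULL only for a stream the client allocated. */
typedef struct { Face *face; Stream *own_stream; } Scaler;
static int scaler_open(Scaler *sc, int client_allocates) {
    sc->own_stream = client_allocates ? calloc(1, sizeof(Stream)) : NULL;
    if (client_allocates && !sc->own_stream) return -1;
    sc->face = lib_open_face(sc->own_stream);
    if (!sc->face) { free(sc->own_stream); sc->own_stream = NULL; return -1; }
    return 0;
}

static void scaler_close(Scaler *sc) {
    /* Freeing sc->face->stream here would release a library-owned stream twice. */
    lib_done_face(sc->face);
    stream_release(sc->own_stream);  /* no-op when the library owned the stream */
    *sc = (Scaler){0};
}

/* One open/close cycle; returns how many times the stream was released. */
static int stream_frees_for(int client_allocates) {
    Scaler sc = {0};
    stream_frees = 0;
    if (scaler_open(&sc, client_allocates) != 0) return -1;
    scaler_close(&sc);
    return stream_frees;
}
int main(void) { return (stream_frees_for(0) == 1 && stream_frees_for(1) == 1) ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) and reintroducing the unconditional free in `scaler_close` makes the double free show up as a sanitizer report rather than a sporadic crash.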