[OpenJDK 2D-Dev] RFR: [9] JDK-8132985, Crash in freetypescaler.c due to double free

Phil Race philip.race at oracle.com
Tue Sep 29 22:46:33 UTC 2015


Approved.

-phil.

On 09/28/2015 10:25 PM, prasanta sadhukhan wrote:
> Gentle reminder to approve and commit this change.
>
> Regards
> Prasanta
> On 9/28/2015 10:49 AM, prasanta sadhukhan wrote:
>> Hi Phil, Sergey,
>>
>> Could you please approve this fix?
>> I have followed your comment regarding the test.
>>
>> Regards
>> Prasanta
>> On 9/25/2015 10:55 AM, prasanta sadhukhan wrote:
>>> Hi All,
>>>
>>> Can this please be reviewed and approved?
>>>
>>> Regards
>>> Prasanta
>>> On 9/21/2015 2:57 PM, prasanta sadhukhan wrote:
>>>> Hi All,
>>>>
>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8132985
>>>> Webrev: http://cr.openjdk.java.net/~psadhukhan/8132985/webrev.00/
>>>>
>>>> Please review a bug fix whereby freeing a FT_StreamRec pointer 
>>>> leads to a crash.
>>>> It was found that FT_Done_Face() frees the FT_StreamRec pointer if 
>>>> FT allocated memory for it internally.
>>>> Since Java uses freetype, FT ends up allocating FT_StreamRec 
>>>> structure in Java's TypeFont1. We call FT_Done_Face(FT_Face)
>>>> and also free(face->stream), resulting in a double free causing a crash.
>>>> The solution is to maintain its own copy of stream pointer so Java 
>>>> knows when it needs to free the stream pointer and when to
>>>> leave it to FT.
>>>>
>>>> Regards
>>>> Prasanta
>>>
>>
>
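
The ownership rule described in the quoted fix, as an added example that is not part of the original thread or the OpenJDK patch: the caller keeps its own copy of the stream pointer and frees only what it allocated, leaving a library-allocated stream to the library's teardown call. All names here (`stream_t`, `face_t`, `lib_open_face`, `lib_done_face`, `scaler_t`) are hypothetical stand-ins, not FreeType or JDK identifiers.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for a font library's face and stream; not FreeType's API. */
typedef struct { int unused; } stream_t;
typedef struct { stream_t *stream; int lib_owns_stream; } face_t;

static int free_count;                 /* stream releases, so callers can audit them */
static void stream_release(stream_t *s) { free_count++; free(s); }

/* Library side: use the caller's stream if given, otherwise allocate one. */
static face_t *lib_open_face(stream_t *caller_stream) {
    face_t *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->lib_owns_stream = (caller_stream == NULL);
    f->stream = caller_stream ? caller_stream : calloc(1, sizeof(stream_t));
    if (!f->stream) { free(f); return NULL; }
    return f;
}

/* Library side: releases the stream only when the library allocated it. */
static void lib_done_face(face_t *f) {
    if (f->lib_owns_stream) stream_release(f->stream);
    free(f);
}

/* Caller side: own_stream is the caller's copy, NULL when the library allocated. */
typedef struct { face_t *face; stream_t *own_stream; } scaler_t;

int scaler_open(scaler_t *sc, int supply_stream) {
    sc->own_stream = supply_stream ? calloc(1, sizeof(stream_t)) : NULL;
    sc->face = lib_open_face(sc->own_stream);
    if (!sc->face) { free(sc->own_stream); sc->own_stream = NULL; }
    return sc->face != NULL;
}

/* Returns how many times the stream was released; anything but 1 is a bug. */
int scaler_close(scaler_t *sc) {
    int before = free_count;
    lib_done_face(sc->face);
    /* The crash pattern was an unconditional free(face->stream) at this point. */
    if (sc->own_stream) stream_release(sc->own_stream);
    sc->face = NULL;
    sc->own_stream = NULL;
    return free_count - before;
}

int main(void) {
    scaler_t a, b;
    if (!scaler_open(&a, 0) || !scaler_open(&b, 1)) return 1;
    return !(scaler_close(&a) == 1 && scaler_close(&b) == 1);
}
```
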



