RFR: 8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled [v2]
Jayathirth D V
jdv at openjdk.org
Tue Jun 4 05:15:26 UTC 2024
> In the IJG library's jmemmgr.c file we can define MEM_STATS (by default this flag is disabled and we don't see this issue) to enable printing of memory trace logs when we have an OOM. But if we enable it, we get a crash while disposing IJG stored objects in the jmemmgr->free-pool() function.
>
> This is happening because we delete the error handler before we actually start deleting IJG stored objects, and while freeing the IJG objects we try to access cinfo->err->trace_level of the error handler. This early deletion of the error handler is happening in the imageioJPEG.c->imageio_dispose() function.
>
> Moved the logic to delete the error handler after we are done with deleting IJG stored objects; after this change there is no crash. There is no regression test because this issue is seen only when we enable the MEM_STATS flag in the IJG library. Ran jtreg ImageIO tests with the code update and I don't see any regressions.
>
> I have verified that this issue doesn't affect the SplashScreen code path; disposing of IJG objects is handled differently in SplashScreen.
Jayathirth D V has updated the pull request incrementally with one additional commit since the last revision:
Update copyright year
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/19386/files
- new: https://git.openjdk.org/jdk/pull/19386/files/abe4de70..69e9d1c7
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=19386&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=19386&range=00-01
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/19386.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/19386/head:pull/19386
PR: https://git.openjdk.org/jdk/pull/19386
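
The teardown-order dependency described in the quoted PR text, as an added example that is not code from the JDK or the IJG library. The struct and function names (`err_mgr`, `cinfo`, `make_cinfo`, `free_pool`, `dispose`) are constructed stand-ins, and the model clears the handler pointer rather than leaving it dangling so the hazard shows up as a return code.

```c
#include <stdio.h>
#include <stdlib.h>

#define MEM_STATS 1  /* models the optional tracing build described above */

/* Constructed stand-ins; not the real IJG or JDK types. */
struct err_mgr { int trace_level; };
struct cinfo   { struct err_mgr *err; void *pool; };

static struct cinfo *make_cinfo(void) {
    struct cinfo *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->err  = calloc(1, sizeof *c->err);
    c->pool = malloc(64);
    if (!c->err || !c->pool) { free(c->err); free(c->pool); free(c); return NULL; }
    return c;
}

/* Pool release. With MEM_STATS it reads the error handler's trace_level,
 * so the handler must still be alive. The NULL check makes the hazard
 * observable here; with a dangling pointer it would be a use-after-free. */
static int free_pool(struct cinfo *c) {
#if MEM_STATS
    if (c->err == NULL) return -1;
    if (c->err->trace_level > 0) fprintf(stderr, "pool released\n");
#endif
    free(c->pool);
    c->pool = NULL;
    return 0;
}

/* handler_first != 0 models the order before the fix, 0 the order after it. */
static int dispose(int handler_first) {
    struct cinfo *c = make_cinfo();
    if (!c) return -2;
    if (handler_first) { free(c->err); c->err = NULL; }  /* handler gone too early */
    int rc = free_pool(c);
    free(c->pool);   /* no-op on success (NULL); cleanup when free_pool refused */
    free(c->err);    /* fixed order: handler released last (no-op if already NULL) */
    free(c);
    return rc;
}

int main(void) {
    printf("handler first: %d, handler last: %d\n", dispose(1), dispose(0));
    return 0;
}
```

Building code like this with AddressSanitizer is one way to catch the same ordering mistake when the pointer is left dangling instead of cleared.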