[7u4] request for review: 7152608: [macosx] Crash in liblwawt.dylib in AccelGlyphCache_RemoveCellInfo
Andrew Brygin
andrew.brygin at oracle.com
Wed Mar 14 04:58:37 PDT 2012
Hello,
this problem is an example of a 'use-after-free' crash: the crash itself
happens when AccelGlyphCache meets an invalid pointer to a cache cell info
in a cached glyph info structure. This pointer can have an arbitrary value,
because the corresponding glyph info structure has already been destroyed
by the CStrike cache machinery.
The root of the problem is that this destruction is made without any
notification to AccelGlyphCache, which keeps and uses an invalid pointer to
the glyph info object.
The suggested solution is to remove a glyph info instance from the
accelerated cache before destruction. Please take a look at the suggested
fix.
Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7152608
Webrev: http://cr.openjdk.java.net/~bae/7152608/webrev/
Thanks,
Andrew
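
The ownership pattern described in the message above, as a minimal C model added here; it is not the webrev's patch and not OpenJDK code. The names GlyphInfo, CellInfo, accel_add, accel_remove and glyph_destroy and the fixed-size cache are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#define CELLS 4
typedef struct GlyphInfo GlyphInfo;
typedef struct { GlyphInfo *glyph; } CellInfo;   /* accelerated-cache cell */
struct GlyphInfo { int code; CellInfo *cell; };  /* strike-cache entry */
static CellInfo accel_cache[CELLS];              /* hypothetical cache */
GlyphInfo *glyph_new(int code) {
    GlyphInfo *g = calloc(1, sizeof *g);
    if (g != NULL) g->code = code;
    return g;
}
/* Bind a glyph to the first free cell; the links point both ways. */
CellInfo *accel_add(GlyphInfo *g) {
    for (int i = 0; g != NULL && i < CELLS; i++) {
        if (accel_cache[i].glyph == NULL) {
            accel_cache[i].glyph = g;
            g->cell = &accel_cache[i];
            return g->cell;
        }
    }
    return NULL;
}
/* The notification the message asks for: break both links. */
void accel_remove(GlyphInfo *g) {
    if (g != NULL && g->cell != NULL) {
        g->cell->glyph = NULL;
        g->cell = NULL;
    }
}
/* Strike-cache side destruction. Without the accel_remove() call the cell
 * would keep a pointer to freed memory for the accelerated cache to use. */
void glyph_destroy(GlyphInfo *g) {
    accel_remove(g);
    free(g);
}
int accel_live_cells(void) {
    int n = 0;
    for (int i = 0; i < CELLS; i++) n += (accel_cache[i].glyph != NULL);
    return n;
}
int main(void) {
    GlyphInfo *g = glyph_new('A');
    CellInfo *cell = accel_add(g);
    if (g == NULL || cell == NULL) return 1;
    glyph_destroy(g);
    printf("cell cleared: %d, live cells: %d\n", cell->glyph == NULL, accel_live_cells());
    return 0;
}
```

Because accel_remove() clears the cell before free(), the cell is immediately reusable and the accelerated cache never sees a pointer to a destroyed glyph.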