RFR: 8284855: Update needed to Cleaners added to jdk.crypto.cryptoki [v3]

Daniel Fuchs dfuchs at openjdk.java.net
Fri Apr 15 08:28:39 UTC 2022

On Fri, 15 Apr 2022 07:20:42 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This is an effort to fix a problem introduced in the fix for [JDK-8284368](https://bugs.openjdk.java.net/browse/JDK-8284368), which replaced the finalizers in jdk.crypto.cryptoki with Cleaners.  However, there is a problem with the code changes. The Runnables registered with Cleaner refer to the object being registered ('this'). Meaning, the Cleaner mechanism will keep the objects reachable, preventing them from being cleaned and collected.
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>   Don't use lambda in cleaner

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java line 235:

> 233:                 this.password = password.clone();
> 234:                 P11Util.cleaner.register(this,
> 235:                         () -> Arrays.fill(this.password, ' '));

This lambda most probably capture `this` so it will create a leak.


PR: https://git.openjdk.java.net/jdk/pull/8248

More information about the security-dev mailing list