[OpenJDK 2D-Dev] RFR: [9] JDK-8132985, Crash in freetypescaler.c due to double free

prasanta sadhukhan prasanta.sadhukhan at oracle.com
Fri Sep 25 05:25:19 UTC 2015

Hi All,

Can this please be reviewed and approved?

On 9/21/2015 2:57 PM, prasanta sadhukhan wrote:
> Hi All,
> Bug: https://bugs.openjdk.java.net/browse/JDK-8132985
> Webrev: http://cr.openjdk.java.net/~psadhukhan/8132985/webrev.00/
> Please review a bug fix whereby freeing a FT_StreamRec pointer leads 
> to a crash.
> It was found that FT_Done_Face() frees the FT_StreamRec pointer if FT 
> allocated memory for it internally.
> Since Java uses freetype, FT ends up allocating FT_StreamRec structure 
> in Java's TypeFont1. We call FT_Done_Face(FT_Face)
> and also free(face->stream), resulting in a double free causing a crash.
> The solution is to maintain its own copy of the stream pointer so Java 
> knows when it needs to free the stream pointer and when to
> leave it to FT.
> Regards
> Prasanta
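
The ownership rule described in the quoted message, as an added example that is not part of the original post and is not OpenJDK or FreeType code. It uses a mock library with hypothetical names (`lib_open_face`, `lib_done_face`, `Scaler`) that frees a stream only when it allocated it, while the caller keeps its own stream pointer so each stream is freed exactly once.

```c
#include <stdlib.h>
/* Mock library types; all names here are hypothetical, not FreeType's API. */
typedef struct { int unused; } Stream;
typedef struct { Stream *stream; int lib_owns_stream; } Face;
typedef struct { Face *face; Stream *own_stream; } Scaler; /* caller state */
static int g_frees; /* number of stream frees, counted for the demonstration */
static void stream_free(Stream *s) { if (s) { free(s); g_frees++; } }

/* The library uses the caller's stream if given, else allocates its own. */
static Face *lib_open_face(Stream *caller_stream) {
    Face *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->lib_owns_stream = (caller_stream == NULL);
    f->stream = caller_stream ? caller_stream : calloc(1, sizeof(Stream));
    if (!f->stream) { free(f); return NULL; }
    return f;
}

/* Teardown frees the stream only when the library allocated it. */
static void lib_done_face(Face *f) {
    if (!f) return;
    if (f->lib_owns_stream) stream_free(f->stream);
    free(f);
}

/* Caller records the stream it allocated itself (NULL when the library does). */
static int scaler_open(Scaler *sc, int use_own_stream) {
    sc->own_stream = use_own_stream ? calloc(1, sizeof(Stream)) : NULL;
    if (use_own_stream && !sc->own_stream) return -1;
    sc->face = lib_open_face(sc->own_stream);
    if (!sc->face) { free(sc->own_stream); sc->own_stream = NULL; return -1; }
    return 0;
}

/* Returns how many times a stream was freed; 1 on both paths, never 2. */
static int scaler_close(Scaler *sc) {
    g_frees = 0;
    lib_done_face(sc->face);     /* do not free sc->face->stream here */
    sc->face = NULL;
    stream_free(sc->own_stream); /* only the pointer this code allocated */
    sc->own_stream = NULL;
    return g_frees;
}

int main(void) {
    Scaler a, b;
    if (scaler_open(&a, 0) || scaler_open(&b, 1)) return 2;
    return (scaler_close(&a) == 1 && scaler_close(&b) == 1) ? 0 : 1;
}
```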
