Details
-
Bug
-
Status: Closed
-
P4
-
Resolution: Fixed
-
1.1.4
-
1.1.5
-
generic
-
solaris_2.5.1
-
Verified
Description
(JDK 114) in function
java_io_ObjectStreamClass_getFieldSignatures() in file
src/share/java/lang/ObjectStreamClass.c.
(The same bug exists in function
java_io_ObjectStreamClass_getMethodSignatures()).
Here is the code that is buggy:
for (i = cbFieldsCount(cb) - 1; i >= 0; i--) {
...
namearray = (HString **)unhand(namearrayhandle)->body;
namearray[i] = makeJavaString(buffer, strlen(buffer));
...
}
Suppose garbage collection occurs during the call to makeJavaString().
Couldn't the garbage collection cause the object that namearray points
at to be moved, hence invalidating namearray's value ?
Should the code be fixed by doing something like:
/* loop thru each field in the class */
for (i = cbFieldsCount(cb) - 1; i >= 0; i--) {
...
strobj = makeJavaString(p, strlen(p));
namearray = (HString **)unhand(namearrayhandle)->body;
namearray[i] = strobj;
...
}
java_io_ObjectStreamClass_getFieldSignatures() in file
src/share/java/lang/ObjectStreamClass.c.
(The same bug exists in function
java_io_ObjectStreamClass_getMethodSignatures()).
Here is the code that is buggy:
for (i = cbFieldsCount(cb) - 1; i >= 0; i--) {
...
namearray = (HString **)unhand(namearrayhandle)->body;
namearray[i] = makeJavaString(buffer, strlen(buffer));
...
}
Suppose garbage collection occurs during the call to makeJavaString().
Couldn't the garbage collection cause the object that namearray points
at to be moved, hence invalidating namearray's value ?
Should the code be fixed by doing something like:
/* loop thru each field in the class */
for (i = cbFieldsCount(cb) - 1; i >= 0; i--) {
...
strobj = makeJavaString(p, strlen(p));
namearray = (HString **)unhand(namearrayhandle)->body;
namearray[i] = strobj;
...
}
Attachments
Issue Links
- relates to
-
-
- Closed
-