[JDK-4084854] unhand/gc bug in native method java_net_PlainSocketImpl_socketAccept in socket.c - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P2
Resolution: Duplicate
Affects Version/s: 1.1.4
Fix Version/s: None
Component/s: core-libs
Labels:
- KEEP_POINTER_ALIVE
- collection
- garbage
- gc
- java_net_PlainSocketImpl_socke
- jdk1.1.x
- licbug
- native
- socket.c
- unhand

Subcomponent:
java.net
CPU:

generic
OS:

solaris_2.5.1

Description

The bug is in native method java_net_PlainSocketImpl_socketAccept, in module
src/solaris/net/socket.c. The method has the following code:

    java_net_PlainSocketImpl_socketAccept( ... ) {
...
sptr = (Classjava_net_PlainSocketImpl*)unhand(s);
sptr_fdptr = unhand(sptr->fd);
...
fd = sysAcceptFD(in_fdptr, (struct sockaddr *)&him, &len);
...
if (sysSocketInitializeFD(sptr_fdptr, fd) == -1) {
NET_ERROR(0, JAVAPKG "OutOfMemoryError", 0);
}
       ...
    }

What is happening is that if garbage collection occurs while a thread is
calling sysAcceptFD() from within java_net_PlainSocketImpl_socketAccept(),
then the sptr and sptr_fdptr values may no longer be valid by the time
sysSocketInitializeFD () is eventually called. This causes function
sysSocketInitializeFD() to initialize the wrong fdptr with fd.

Attachments

Issue Links

duplicates

JDK-4084384 KEEP_POINTER_ALIVE missing in 1.1.x

Closed

relates to

JDK-4081691 garbage collection can invalidate objects in 2 methods in ObjectStreamClass.c

Closed

Activity

People

Assignee:: Benjamin Renaud (Inactive)

Reporter:: Jonathan Benoit (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 1997-10-08 11:24

Updated:: 1997-10-16 13:52

Resolved:: 1997-10-16 13:52

Imported:: 16/Sep/12 12:07 AM

Indexed:: 17/Jul/12 8:15 PM