-
Bug
-
Resolution: Won't Fix
-
P4
-
1.4.2_10
-
generic
-
generic
The JDK 1.4.2_10 AWT font-handling code may reference freed memory. It uses one FontTransform* to create another FontTransform*: it frees the existing FontTransform* before creating the new one, and then uses the just-freed FontTransform* as the source for the new one. The freed object is referenced under a different variable name, so it may be reused after being deallocated.
The solution I found was to create the new FontTransform* before freeing the old one. Here are the diffs for the fix:
==== //java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp#6 - /home/bolsinga/sources/bolsinga-proxy/java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp ====
--- /tmp/tmp.27398.0 2006-02-06 15:28:04.000000000 -0800
+++ /home/bolsinga/sources/bolsinga-proxy/java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp 2006-02-06 14:23:35.000000000 -0800
@@ -259,11 +259,12 @@
if (fStrike == NULL) {
fStrike = new Strike(*this, tx, isAntiAliased, usesFractionalMetrics);
}
+ FontTransform* newStrikeTx = new FontTransform(tx);
if (fStrikeTx) {
delete fStrikeTx;
fStrikeTx = NULL;
}
- fStrikeTx = new FontTransform(tx);
+ fStrikeTx = newStrikeTx;
fStrikeIsAntiAliased = isAntiAliased;
fStrikeUsesFractionalMetrics = usesFractionalMetrics;
fStrikeCurrentStyle = m_currentStyle;
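Review bot: The new ordering is only correct because tx may alias the object fStrikeTx points to, and nothing in the hunk records that; a later cleanup could fold the allocation back into the assignment and reintroduce the use-after-free. Add a why-comment on the new `FontTransform* newStrikeTx = new FontTransform(tx);` line, such as `// copy tx before deleting fStrikeTx: tx may refer to *fStrikeTx`. With the copy taken first, the `fStrikeTx = NULL;` reset inside the guard is dead, since the pointer is overwritten two lines later by `fStrikeTx = newStrikeTx;`; keeping it is harmless, but say so if it stays. The declaration of tx and the enclosing function lie outside the hunk, so whether tx is a reference that can alias the member is inferred from the report rather than visible here. The same hunk is repeated further down the page.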
@@ -280,10 +281,11 @@
delete fStrike;
}
fStrike = theStrike;
+ FontTransform* newStrikeTx = new FontTransform(tx);
if(NULL != fStrikeTx){
delete fStrikeTx;
}
- fStrikeTx = new FontTransform(tx);
+ fStrikeTx = newStrikeTx;
fStrikeIsAntiAliased = isAntiAliased;
fStrikeUsesFractionalMetrics = usesFractionalMetrics;
fStrikeCurrentStyle = m_currentStyle;
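Review bot: This hunk repeats the allocate-then-delete sequence from the hunk at line 259 with a different guard style (`if(NULL != fStrikeTx){` here versus `if (fStrikeTx) {` there, and no NULL reset), so the two copies will drift; since deleting a null pointer is a no-op, the guard is redundant in both places. Consider moving the sequence into one private helper that takes tx and does `FontTransform* copy = new FontTransform(tx); delete fStrikeTx; fStrikeTx = copy;`, and calling it from both sites so the ordering constraint is stated once. If that is too invasive for an update release, at least add the same why-comment here: `// copy tx before deleting fStrikeTx: tx may refer to *fStrikeTx`. The enclosing function starts before this hunk, and the hunk is repeated further down the page.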
The solution I found was to create the new FontTransform* before freeing the old one. Here are the diffs for the fix:
==== //java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp#6 - /home/bolsinga/sources/bolsinga-proxy/java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp ====
--- /tmp/tmp.27398.0 2006-02-06 15:28:04.000000000 -0800
+++ /home/bolsinga/sources/bolsinga-proxy/java/main-dev/java/j2se/src/share/native/sun/awt/font/fontmanager/fontobjects/fontObject.cpp 2006-02-06 14:23:35.000000000 -0800
@@ -259,11 +259,12 @@
if (fStrike == NULL) {
fStrike = new Strike(*this, tx, isAntiAliased, usesFractionalMetrics);
}
+ FontTransform* newStrikeTx = new FontTransform(tx);
if (fStrikeTx) {
delete fStrikeTx;
fStrikeTx = NULL;
}
- fStrikeTx = new FontTransform(tx);
+ fStrikeTx = newStrikeTx;
fStrikeIsAntiAliased = isAntiAliased;
fStrikeUsesFractionalMetrics = usesFractionalMetrics;
fStrikeCurrentStyle = m_currentStyle;
@@ -280,10 +281,11 @@
delete fStrike;
}
fStrike = theStrike;
+ FontTransform* newStrikeTx = new FontTransform(tx);
if(NULL != fStrikeTx){
delete fStrikeTx;
}
- fStrikeTx = new FontTransform(tx);
+ fStrikeTx = newStrikeTx;
fStrikeIsAntiAliased = isAntiAliased;
fStrikeUsesFractionalMetrics = usesFractionalMetrics;
fStrikeCurrentStyle = m_currentStyle;