Both MappedByteBuffer and DirectByteBufferImpl use a finalize() method to free
the native memory, this is a potential security risk, because finalization does
not guarantee that an object is no longer reachable (it can still be
resurrected from another finalizer).
The proper way to handle clean up is by using a PhantomReference and a
ReferenceQueue.
--
Summary: [security] MappedByteBuffer & DirectByteBufferImpl
incorrectly use finalize to clean up
Product: classpath
Version: 0.93
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: classpath
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: jeroen at frijters dot net
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29499
_______________________________________________
Bug-classpath mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-classpath
