earlier, i wrote: > On Tuesday 05 September 2006 04:52, Jeroen Frijters wrote: > > Raif S. Naffah wrote: > > > On Monday 04 September 2006 20:40, Jeroen Frijters wrote: > > > > ... > > > > ...*All* native method calls that use the > > > > native_ptr need to be synchronized. > > > > > > i'm sorry but it is still not obvious to me why this should > > > be so. every instance of a BigInteger has its own value of > > > native_ptr. what are we protecting by synchronizing the > > > methods? > > > > The case where an attacker calls finalize *while* the native code is > > currently running and manipulating the data structure that is being > > freed at the same time by the finalize method. > > but isn't synchronizing the finalize() method enough to prevent this > scenario?
no it isn't. i'll have a look at your suggested pattern and re-submit the patch. thanks + cheers; rsn
pgpd0NxtYnm2Y.pgp
Description: PGP signature
