On Jun 14, Artur Biesiadowski wrote:
> Jochen Hoenicke wrote:
> > I have removed the synchronization (though the perl script supports
> > it), since it is unnecessary. The De/Inflater is by design not thread
> > safe, since de/inflate and setInput are distinct functions. The
> > comment I put in the header of the java files documents this.
>
> Please only doublecheck it is impossible to crash native code with
> malicious multithreading. It can fail with any exception, kill thread
> etc, but crashing a vm would be a security problem.
Artur is right here, I didn't think of this. All methods, that call a
zlib methods, except init should be synchronized.
The native files should be read again with security in mind. We must
also check if zstream is null and throw a NullPointerException
otherwise.
Mark, if you want I can correct this.
Jochen
