Jochen Hoenicke wrote:
> > Please only doublecheck it is impossible to crash native code with
> > malicious multithreading. It can fail with any exception, kill thread
> > etc, but crashing a vm would be a security problem.
>
> Artur is right here, I didn't think of this. All methods, that call a
> zlib methods, except init should be synchronized.
>
> The native files should be read again with security in mind. We must
> also check if zstream is null and throw a NullPointerException
> otherwise.
Note that in CNI/libgcj, this is not an issue, because an unhandled sigsegv
in native code will be automatically mapped into a NullPointerException. So,
the synchronization in the CNI version may still be removed.
regards
[ bryce ]
