> > > Please only doublecheck it is impossible to crash native code with
> > > malicious multithreading. It can fail with any exception, kill thread
> > > etc, but crashing a vm would be a security problem.
> >
> > Artur is right here, I didn't think of this. All methods, that call a
> > zlib methods, except init should be synchronized.
> >
> > The native files should be read again with security in mind. We must
> > also check if zstream is null and throw a NullPointerException
> > otherwise.
>
> Note that in CNI/libgcj, this is not an issue, because an unhandled sigsegv
> in native code will be automatically mapped into a NullPointerException. So,
> the synchronization in the CNI version may still be removed.
But will "malicious multithreading" always cause a sigsegv?
Isn't its behaviour more undefined?
John
