[Bug classpath/29499] New: [security] MappedByteBuffer & DirectByteBufferImpl incorrectly use finalize to clean up

jeroen at frijters dot net Wed, 18 Oct 2006 07:57:54 -0700

Both MappedByteBuffer and DirectByteBufferImpl use a finalize() method to free
the native memory, this is a potential security risk, because finalization does
not guarantee that an object is no longer reachable (it can still be
resurrected from another finalizer).


The proper way to handle clean up is by using a PhantomReference and a
ReferenceQueue.


-- 
           Summary: [security] MappedByteBuffer & DirectByteBufferImpl
                    incorrectly use finalize to clean up
           Product: classpath
           Version: 0.93
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: classpath
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: jeroen at frijters dot net


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29499



_______________________________________________
Bug-classpath mailing list
Bug-classpath@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-classpath

[Bug classpath/29499] New: [security] MappedByteBuffer & DirectByteBufferImpl incorrectly use finalize to clean up

Reply via email to