summaryrefslogtreecommitdiffstats
path: root/src/java/com/jogamp/gluegen
diff options
context:
space:
mode:
authorSven Gothel <[email protected]>2023-07-02 03:58:20 +0200
committerSven Gothel <[email protected]>2023-07-02 03:58:20 +0200
commit98dca8cd3cffd3f9dc1c920bbe8e6349877447b7 (patch)
treeb3611bbdb55791a0288e31a90ce590ccb8c22120 /src/java/com/jogamp/gluegen
parent760fb65d1d65fcac927e28de442f3b9bfd3d58f0 (diff)
GlueGen JavaCallback: Document native callback use-after-free potential (caught), zero-mem @ release
Diffstat (limited to 'src/java/com/jogamp/gluegen')
-rw-r--r--src/java/com/jogamp/gluegen/CMethodBindingEmitter.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/java/com/jogamp/gluegen/CMethodBindingEmitter.java b/src/java/com/jogamp/gluegen/CMethodBindingEmitter.java
index b2b9cbd..128f9ce 100644
--- a/src/java/com/jogamp/gluegen/CMethodBindingEmitter.java
+++ b/src/java/com/jogamp/gluegen/CMethodBindingEmitter.java
@@ -375,7 +375,10 @@ public class CMethodBindingEmitter extends FunctionEmitter {
returnStatement = "return;";
}
unit.emitln(" if( NULL == cb ) { fprintf(stderr, \"Info: Callback '"+staticCallbackName+"(..)': NULL "+userParamArgName+", skipping!\\n\"); "+returnStatement+" }");
- unit.emitln(" T_"+jcbNativeBasename+" cb2 = *cb; // use a copy to avoid data-race between GetObjectRefType() and MonitorEnter()");
+ unit.emitln();
+ unit.emitln(" // Use-after-free of '*cb' possible up until after GetObjectRefType() check for a brief moment!");
+ unit.emitln(" // Use a copy to avoid data-race between GetObjectRefType() and MonitorEnter()\");");
+ unit.emitln(" T_"+jcbNativeBasename+" cb2 = *cb;");
unit.emitln();
unit.emitln(" jobjectRefType refType = (*env)->GetObjectRefType(env, cb2.lockObj);");
unit.emitln(" if( 0 == refType ) { fprintf(stderr, \"Info: Callback '"+staticCallbackName+"(..)': User after free(lock), skipping!\\n\"); "+returnStatement+" }");
@@ -609,6 +612,8 @@ public class CMethodBindingEmitter extends FunctionEmitter {
unit.emitln(" (*env)->DeleteGlobalRef(env, nativeUserParam->lockObj);");
unit.emitln(" (*env)->DeleteGlobalRef(env, nativeUserParam->cbFunc);");
unit.emitln(" (*env)->DeleteGlobalRef(env, nativeUserParam->userParam);");
+ unit.emitln(" // Ensure even w/ use-after-free jobject refs are NULL and invalid to avoid accidental reuse.");
+ unit.emitln(" memset(nativeUserParam, 0, sizeof(T_"+jcbNativeBasename+"));");
unit.emitln(" free(nativeUserParam);");
unit.emitln(" }");
unit.emitln("}");
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 11:07:23 +0000