public inbox for gcc-bugs@sourceware.org
From: "greenrd at greenrd dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libgcj/23367] New: _Jv_FindMethodInCache is not thread-safe
Date: Fri, 12 Aug 2005 21:09:00 -0000
Message-ID: <20050812210922.23367.greenrd@greenrd.org>

_Jv_FindMethodInCache is not thread-safe, because it assumes that the
following check is enough to assure thread-safety:

    _Jv_mcache *mc = method_cache + index;
    _Jv_Method *m = mc->method;

    if (mc->klass == klass
        && m != NULL             // thread safe check
        && _Jv_equalUtf8Consts (m->name, name)
        && _Jv_equalUtf8Consts (m->signature, signature))

But this is bogus! If mc has already been assigned to, m will not be null, but
if it has never been assigned to, m will be null, so it's a useless check.
Therefore there is no effective measure for thread safety, so it's not
thread-safe.

This could cause fairly arbitrary bad behaviour, including NPEs, security
violations, and weird hard-to-reproduce bugs.

I believe I have seen an NPE caused by this bug, because the symptoms match what
would be expected from this bug, and I know of no other plausible cause for
these symptoms: Method called with "this" object being of incompatible type, so
the method tries to read the "this" object as if it were the expected class, and
receives garbage (in this case, 0x0).

--
Summary: _Jv_FindMethodInCache is not thread-safe
Product: gcc
Version: 4.0.2
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: libgcj
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: greenrd at greenrd dot org
CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367
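The failure mode the report describes, replayed deterministically as an added example (not libgcj code and not part of the original message): a cache entry whose class and method fields are updated by two separate stores can be observed half-updated, and the non-NULL check does not notice. All type and function names are hypothetical stand-ins, the two-store writer is an assumption, and the second half shows one possible hardening (publishing an immutable pair through a single atomic pointer), not the fix the project adopted.

```cpp
// Added illustration; all names are hypothetical stand-ins, not libgcj's code.
#include <atomic>
#include <cstdio>
#include <cstring>

struct Klass  { const char *name; };
struct Method { const char *name; const char *owner; };  // owner: class it was compiled for
static const Klass A{"A"}, B{"B"};
static const Method a_run{"run", "A"}, b_run{"run", "B"};

// Racy layout: klass and method are separate fields, updated by two stores (assumed).
struct RacyEntry { const Klass *klass; const Method *method; };

// Same shape as the check quoted in the report.
const Method *racy_lookup(const RacyEntry &e, const Klass *k, const char *name) {
  const Method *m = e.method;
  if (e.klass == k && m != nullptr && std::strcmp(m->name, name) == 0) return m;
  return nullptr;
}

// Replays one interleaving: the writer has stored method but not yet klass.
const char *torn_lookup_owner() {
  RacyEntry e{&A, &a_run};
  e.method = &b_run;                            // writer, store 1 of 2
  const Method *m = racy_lookup(e, &A, "run");  // reader runs here
  e.klass = &B;                                 // writer, store 2 of 2
  return m ? m->owner : "miss";
}

// Hardened layout: an immutable pair published through one atomic pointer.
struct Pair { const Klass *klass; const Method *method; };
struct SafeEntry { std::atomic<const Pair *> slot{nullptr}; };

const Method *safe_lookup(const SafeEntry &e, const Klass *k, const char *name) {
  const Pair *p = e.slot.load(std::memory_order_acquire);  // single load, fields agree
  if (p && p->klass == k && std::strcmp(p->method->name, name) == 0) return p->method;
  return nullptr;
}

const char *safe_lookup_owner() {
  static const Pair pa{&A, &a_run}, pb{&B, &b_run};
  SafeEntry e;
  e.slot.store(&pa, std::memory_order_release);
  e.slot.store(&pb, std::memory_order_release);  // replacement is one store: no half-state
  const Method *m = safe_lookup(e, &A, "run");
  return m ? m->owner : "miss";
}

int main() { std::printf("racy: %s  safe: %s\n", torn_lookup_owner(), safe_lookup_owner()); }
```

The racy lookup for class A returns the method compiled for class B, which matches the "this of incompatible type" symptom in the report; the pair-based lookup reports a miss instead.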
Thread overview: 3+ messages
2005-08-12 21:09 greenrd at greenrd dot org [this message]
2005-08-12 22:04 ` [Bug libgcj/23367] " pinskia at gcc dot gnu dot org
2005-08-22 22:09 ` tromey at gcc dot gnu dot org