On Tuesday 05 September 2006 04:52, Jeroen Frijters wrote: > Raif S. Naffah wrote: > > On Monday 04 September 2006 20:40, Jeroen Frijters wrote: > > > ... > > > ...*All* native method calls that use the > > > native_ptr need to be synchronized. > > > > i'm sorry but it is still not obvious to me why this should > > be so. every instance of a BigInteger has its own value of > > native_ptr. what are we protecting by synchronizing the > > methods? > > The case where an attacker calls finalize *while* the native code is > currently running and manipulating the data structure that is being > freed at the same time by the finalize method.
but isn't synchronizing the finalize() method enough to prevent this scenario? cheers; rsn
pgpI5RxRGTGWl.pgp
Description: PGP signature
