author | Alexandr Miloslavskiy | 2018-10-17 09:44:30 +0000 |
---|---|---|
committer | Niraj Modi | 2018-10-22 10:33:14 +0000 |
commit | 4b077dc68a2732930adc0791f4f253e415856d49 (patch) | |
tree | ec2d0cfbfa867dba6870c58484125d47a9d32d42 /bundles/org.eclipse.swt/Eclipse SWT PI/win32/org | |
parent | 550087f185e7f53a0053b447d2167edb59b5a8c5 (diff) | |
Bug 539796 - [Win32] Crash in ScriptStringOut
This fixes the problem.
Signature for ScriptStringAnalyse changed to keep the native string.
Previously, JNI wrapper for ScriptStringAnalyse deallocated temporary
native string upon exit, causing ScriptStringOut to read already-freed memory.
Depending on circumstances, that will
1) Read memory that is still intact, giving the impression that it works fine
2) Read memory overwritten by new owner
3) Crash if entire virtual page was deallocated by Windows
In the original fix for Bug 239477, it was incorrectly assumed that
Uniscribe libraries crash. The true problem is that when a buffer is
big enough (such as 16665 used in test snippet), Windows will most
likely deallocate virtual pages along with the heap block, and subsequent
read from such page will guarantee a crash. With buffer of just 2 characters
the problem is still there, but most often the memory will be intact for
short while after deallocation, because virtual page containing deallocated
block is still occupied with other heap blocks.
Workaround from Bug 239477, that is estimating font by just 2 characters,
has its own side effects. It will be addressed in future patches.
Easily reproducible with Application Verifier configured for Basics/Heaps,
because Application Verifier reduces the chances to access freed memory
to almost zero.
Code snippet that reproduces the problem:
final Display display = new Display();
TextLayout layout = new TextLayout(display);
layout.setText("\u0001");
layout.getBounds();
Change-Id: Ibc5e15b173beca54b2ed73cdcb1bc9eb40d4187d
Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Diffstat (limited to 'bundles/org.eclipse.swt/Eclipse SWT PI/win32/org')
-rw-r--r-- | bundles/org.eclipse.swt/Eclipse SWT PI/win32/org/eclipse/swt/internal/win32/OS.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bundles/org.eclipse.swt/Eclipse SWT PI/win32/org/eclipse/swt/internal/win32/OS.java b/bundles/org.eclipse.swt/Eclipse SWT PI/win32/org/eclipse/swt/internal/win32/OS.java
index 6280d7e61b..9aa574d32e 100644
--- a/bundles/org.eclipse.swt/Eclipse SWT PI/win32/org/eclipse/swt/internal/win32/OS.java
+++ b/bundles/org.eclipse.swt/Eclipse SWT PI/win32/org/eclipse/swt/internal/win32/OS.java
@@ -5450,7 +5450,7 @@ public static final native int ScriptShape (long /*int*/ hdc, long /*int*/ psc,
 * @param pbInClass cast=(const BYTE*)
 * @param pssa cast=(SCRIPT_STRING_ANALYSIS*)
 */
-public static final native int ScriptStringAnalyse (long /*int*/ hdc, char[] pString, int cString, int cGlyphs, int iCharset, int dwFlags, int iReqWidth, SCRIPT_CONTROL psControl, SCRIPT_STATE psState, long /*int*/ piDx, long /*int*/ pTabdef, long /*int*/ pbInClass, long /*int*/ pssa);
+public static final native int ScriptStringAnalyse (long /*int*/ hdc, long /*int*/ pString, int cString, int cGlyphs, int iCharset, int dwFlags, int iReqWidth, SCRIPT_CONTROL psControl, SCRIPT_STATE psState, long /*int*/ piDx, long /*int*/ pTabdef, long /*int*/ pbInClass, long /*int*/ pssa);
 /** @param ssa cast=(SCRIPT_STRING_ANALYSIS*),flags=struct */
 public static final native int ScriptStringOut(long /*int*/ ssa, int iX, int iY, int uOptions, RECT prc, int iMinSel, int iMaxSel, boolean fDisabled);
 /** @param pssa cast=(SCRIPT_STRING_ANALYSIS*) */ |
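Review bot: The new `long /*int*/ pString` parameter of `ScriptStringAnalyse` transfers ownership of the native string buffer to the Java caller, but nothing in the Javadoc block above the signature states the lifetime contract that this commit relies on, so the next caller can reintroduce the same use-after-free by freeing the buffer right after the call. The Javadoc for this method begins outside the hunk; I would add to it `pString must point to native memory that the caller keeps allocated until the SCRIPT_STRING_ANALYSIS returned in pssa is released (the analysis retains the pointer; see Bug 539796)` and a matching `the caller owns pString and must free it after the analysis is freed` sentence. The diffstat is limited to the PI/win32 directory, so I cannot see from here whether the caller side (presumably TextLayout) was updated to allocate, retain and free that buffer in the same change; that update and this signature change need to land together or every existing call site fails to compile.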