JDK-6604900 : D3D: incorrect error handling in CreateInstance() code
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 6u5
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-09-14
  • Updated: 2010-10-14
  • Resolved: 2007-09-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6u10 b04Fixed
Description
Crashes possible because of incorrect handling of errors
in the pipeline initialization code.

Comments
SUGGESTED FIX http://sa.sfbay.sun.com/projects/java2d_data/6u5/6604900.0
19-09-2007

SUGGESTED FIX In all these places change 'ppRet = NULL' to '*ppRet = NULL'
14-09-2007

EVALUATION There are several places where the following template is used to create an instance of an object: HRESULT Class::CreateInstance(Class **ppRet) { HRESULT res; *ppRet = new Class(); if (FAILED(res = (*ppRet)->Init())) { delete *ppRet; ppRet = NULL; } return res; } There's a bug here: in case of Init() failure the intention was to set *ppRet to NULL. The current code doesn't clear the *ppRet in case of failure, which could lead to a later attempt to delete the return result of CreateInstance(). This could happen for example with D3DContext::CreateInstance(): if the creation of the device fails, we set pAdapters[i].pContext to the return value of D3DContext::CreateInstance(), expecting it to be NULL if CreateInstance() failed. When the pipeline is shut down, we check if we need to delete the context by checking pContext against NULL, and will attempt to delete a garbage reference, leading to a crash.
14-09-2007