JDK-4413118 : Font.createFont leaks files and does not work sandboxed
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 1.3.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_nt
  • CPU: x86
  • Submitted: 2001-02-08
  • Updated: 2001-02-09
  • Resolved: 2001-02-09
Related Reports
Duplicate :  
JDK-4395902 - Font.createFont() causes SecurityException in JApplet
Description

The following piece of code has two problems:

1) requires write permission does not work sandboxed (applet or 
   Java Web Start)

   Fix: A doPriviledge needs to be put into the code 

2) leaks a file every time it is called (in C:\Temp on Windows and
   /usr/tmp on Solaris)   

   Fix: Make sure to remove the file. This is a serious problem
   since a new file is leaked everytime the application is started



//---------------------------------------------------------------------

import java.awt.*;
import java.io.*;
import java.net.*;

public class ybGuiFactory
{

...

    private final static String VAR_FONT_FILE = "YB_VAR_FONT.TTF";

...

    public static void loadVarFont(String servletURL)
    {
        ClassLoader cl = ybGuiFactory.class.getClassLoader();
        try {
            // load from jar file 
            InputStream fontStream =
cl.getResourceAsStream("fonts/"+VAR_FONT_FILE);
            if(fontStream == null) {
              // load over the net
              URL fontURL = new URL(servletURL+"fonts/"+VAR_FONT_FILE);
              fontStream = fontURL.openStream();
              if(fontStream == null) return;
            }
            Font f = Font.createFont(Font.TRUETYPE_FONT, new
BufferedInputStream(fontStream));
            VAR_FONT = f.deriveFont((float) 8.8);
            fontStream.close();
        }
        catch(IOException ioe) {
            ioe.printStackTrace();
            return;
        }
        catch(FontFormatException ffe) {
            ffe.printStackTrace();
            return;
        }
    }

...

}

//---------------------------------------------------------------

-- 
rene.schmidt@eng 2001-02-07
Comments
EVALUATION Sounds like 4310747. Reassigning to 2D for their evaluation. eric.hawkes@eng 2001-02-08 ============================== Yes its the file leakage is the same as 4310747 & the separate issue of the "sandbox" is also a duplicate of 4395902 closing this out as a duplicate of 4395902 since that one is still open. phil.race@eng 2001-02-08 ========================
08-02-2001