Hi Nico, I've filed a bug at https://bugs.openjdk.org/browse/JDK-8318599. Will look into it.
Thanks, Max > On Oct 19, 2023, at 10:39 PM, Nico Williams <nico.willi...@twosigma.com> > wrote: > > Also, a colleague informs me that 17.0.5 (as packaged by Debian) w/o > `-Djdk.spnego.cache=false` doesn't exhibit the double-free/use-after-free > crashes (as expected), but: > >> I do see some "Authentication failure" / and >> "java.lang.NullPointerException: Cannot invoke >> "sun.net.www.protocol.http.Negotiator.nextToken(byte[])" because >> "this.negotiator" is null". > > That seems to support the idea that the `AuthCache` is harmful. > > Nico > -- > > >
