BZip2CompressorOutputStream has an unsynchronized finished() method, and an unsynchronized finalize method. Finish checks to see if the output stream is null, and if it is not it calls various methods, some of which write to the output stream.
Now, consider something like this sequence.
BZip2OutputStream s = ...
s = null;
After the s = null, the stream is garbage. At some point the garbage collector call finalize(), which calls finish(). But, since the GC may be on a different thread, there is no guarantee that the assignment this.out = null in finish() has actually been made visible to the GC thread, which results in bad data in the output stream.
This is not a theoretical problem; In a part of a large project I'm working on, this happens about 2% of the time.
The fixes are simple
1) synchronize finish() or
2) don't call finish from finalize().
A workaround is to derive a class and override the finalize() method.