Mercurial > hg > openjdk > jdk8u > jdk
changeset 12440:5b0fa6e00431 jdk8u151-b01
8171261: Stability fixes for lcms
Reviewed-by: serb, vadim, mschoene
author | prr |
---|---|
date | Fri, 07 Apr 2017 17:54:06 +0530 |
parents | 4caa79897fd8 |
children | 50c9dc9b60af |
files | src/share/native/sun/java2d/cmm/lcms/cmscgats.c src/share/native/sun/java2d/cmm/lcms/cmsnamed.c src/share/native/sun/java2d/cmm/lcms/cmsopt.c src/share/native/sun/java2d/cmm/lcms/cmstypes.c src/share/native/sun/java2d/cmm/lcms/lcms2.h |
diffstat | 5 files changed, 29 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Tue Jun 13 10:30:22 2017 -0700 +++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c Fri Apr 07 17:54:06 2017 +0530 @@ -900,7 +900,7 @@ k = 0; NextCh(it8); - while (k < MAXSTR && it8->ch != sng) { + while (k < (MAXSTR-1) && it8->ch != sng) { if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1; else { @@ -2053,14 +2053,18 @@ static void ReadType(cmsIT8* it8, char* SheetTypePtr) { + cmsInt32Number cnt = 0; + // First line is a very special case. while (isseparator(it8->ch)) NextCh(it8); - while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) { + while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) { *SheetTypePtr++= (char) it8 ->ch; + if (cnt++ < MAXSTR) + *SheetTypePtr++= (char) it8 ->ch; NextCh(it8); } @@ -2253,7 +2257,7 @@ // that should be something like some printable characters plus a \n // returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line? static -int IsMyBlock(cmsUInt8Number* Buffer, int n) +int IsMyBlock(const cmsUInt8Number* Buffer, int n) { int words = 1, space = 0, quot = 0; int i; @@ -2317,7 +2321,7 @@ // ---------------------------------------------------------- Exported routines -cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len) +cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len) { cmsHANDLE hIT8; cmsIT8* it8; @@ -2326,7 +2330,7 @@ _cmsAssert(Ptr != NULL); _cmsAssert(len != 0); - type = IsMyBlock((cmsUInt8Number*)Ptr, len); + type = IsMyBlock((const cmsUInt8Number*)Ptr, len); if (type == 0) return NULL; hIT8 = cmsIT8Alloc(ContextID);
--- a/src/share/native/sun/java2d/cmm/lcms/cmsnamed.c Tue Jun 13 10:30:22 2017 -0700 +++ b/src/share/native/sun/java2d/cmm/lcms/cmsnamed.c Fri Apr 07 17:54:06 2017 +0530 @@ -521,7 +521,11 @@ size = v ->Allocated * 2; // Keep a maximum color lists can grow, 100K entries seems reasonable - if (size > 1024*100) return FALSE; + if (size > 1024 * 100) { + _cmsFree(v->ContextID, (void*) v->List); + v->List = NULL; + return FALSE; + } NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR)); if (NewPtr == NULL) @@ -543,8 +547,11 @@ v ->nColors = 0; v ->ContextID = ContextID; - while (v -> Allocated < n){ - if (!GrowNamedColorList(v)) return NULL; + while (v -> Allocated < n) { + if (!GrowNamedColorList(v)) { + _cmsFree(ContextID, (void*) v); + return NULL; + } } strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1);
--- a/src/share/native/sun/java2d/cmm/lcms/cmsopt.c Tue Jun 13 10:30:22 2017 -0700 +++ b/src/share/native/sun/java2d/cmm/lcms/cmsopt.c Fri Apr 07 17:54:06 2017 +0530 @@ -1464,6 +1464,7 @@ // LUT optimizes to nothing. Set the identity LUT cmsStageFree(ObtainedCurves); + ObtainedCurves = NULL; if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels))) goto Error;
--- a/src/share/native/sun/java2d/cmm/lcms/cmstypes.c Tue Jun 13 10:30:22 2017 -0700 +++ b/src/share/native/sun/java2d/cmm/lcms/cmstypes.c Fri Apr 07 17:54:06 2017 +0530 @@ -4452,7 +4452,8 @@ NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans); if (NewLUT == NULL) return NULL; - if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL; + if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; + if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { if (NewLUT != NULL) cmsPipelineFree(NewLUT); @@ -4464,6 +4465,12 @@ *nItems = 1; return NewLUT; + // Error +Error: + if (NewLUT != NULL) cmsPipelineFree(NewLUT); + *nItems = 0; + return NULL; + cmsUNUSED_PARAMETER(SizeOfTag); }
--- a/src/share/native/sun/java2d/cmm/lcms/lcms2.h Tue Jun 13 10:30:22 2017 -0700 +++ b/src/share/native/sun/java2d/cmm/lcms/lcms2.h Fri Apr 07 17:54:06 2017 +0530 @@ -1822,7 +1822,7 @@ // Persistence CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName); -CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len); +CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len); // CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io); CMSAPI cmsBool CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName);