Mercurial > hg > release > icedtea-1.9
view patches/security/icedtea-6804996.patch @ 1768:3a122c249dda
Port latest security fixes from IcedTea6.
2009-04-06 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am:
Add new patches.
* patches/security/icedtea-6536193.patch,
* patches/security/icedtea-6610888.patch,
* patches/security/icedtea-6610896.patch,
* patches/security/icedtea-6630639.patch,
* patches/security/icedtea-6632886.patch,
* patches/security/icedtea-6636360.patch,
* patches/security/icedtea-6652463.patch,
* patches/security/icedtea-6656633.patch,
* patches/security/icedtea-6658158.patch,
* patches/security/icedtea-6691246.patch,
* patches/security/icedtea-6717680.patch,
* patches/security/icedtea-6721651.patch,
* patches/security/icedtea-6737315.patch,
* patches/security/icedtea-6792554.patch,
* patches/security/icedtea-6804996.patch,
* patches/security/icedtea-6804997.patch,
* patches/security/icedtea-6804998.patch:
Security patches ported from IcedTea6.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Tue, 07 Apr 2009 01:02:17 +0100 |
parents | |
children |
line wrap: on
line source
--- old/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:35 2009 +++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_gif.c Thu Mar 5 16:18:34 2009 @@ -53,10 +53,6 @@ // convert libungif samples to our ones #define MAKE_QUAD_GIF(c,a) MAKE_QUAD((c).Red, (c).Green, (c).Blue, (a)) -#define SAFE_TO_ALLOC(c, sz) \ - (((c) > 0) && ((sz) > 0) && \ - ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) - /* stdio FILE* and memory input functions for libungif */ int SplashStreamGifInputFunc(GifFileType * gif, GifByteType * buf, int n) --- old/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:38 2009 +++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_impl.h Thu Mar 5 16:18:37 2009 @@ -155,6 +155,10 @@ void SplashInitFrameShape(Splash * splash, int imageIndex); +#define SAFE_TO_ALLOC(c, sz) \ + (((c) > 0) && ((sz) > 0) && \ + ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz))) + #define dbgprintf printf #endif --- old/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:41 2009 +++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c Thu Mar 5 16:18:40 2009 @@ -103,9 +103,17 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); + if (!SAFE_TO_ALLOC(rowbytes, height)) { + goto done; + } + if ((image_data = (unsigned char *) malloc(rowbytes * height)) == NULL) { goto done; } + + if (!SAFE_TO_ALLOC(height, sizeof(png_bytep))) { + goto done; + } if ((row_pointers = (png_bytepp) malloc(height * sizeof(png_bytep))) == NULL) { goto done; @@ -121,13 +129,28 @@ splash->width = width; splash->height = height; + if (!SAFE_TO_ALLOC(splash->width, splash->imageFormat.depthBytes)) { + goto done; + } stride = splash->width * splash->imageFormat.depthBytes; + if (!SAFE_TO_ALLOC(splash->height, stride)) { + goto done; + } splash->frameCount = 1; splash->frames = (SplashImage *) malloc(sizeof(SplashImage) * splash->frameCount); + + if (splash->frames == NULL) { + goto done; + } + splash->loopCount = 1; splash->frames[0].bitmapBits = malloc(stride * splash->height); + if (splash->frames[0].bitmapBits == NULL) { + free(splash->frames); + goto done; + } splash->frames[0].delay = 0; /* FIXME: sort out the real format */