Mercurial > hg > release > icedtea-1.9

view patches/security/icedtea-6804998.patch @ 1768:3a122c249dda

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Port latest security fixes from IcedTea6. 2009-04-06 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add new patches. * patches/security/icedtea-6536193.patch, * patches/security/icedtea-6610888.patch, * patches/security/icedtea-6610896.patch, * patches/security/icedtea-6630639.patch, * patches/security/icedtea-6632886.patch, * patches/security/icedtea-6636360.patch, * patches/security/icedtea-6652463.patch, * patches/security/icedtea-6656633.patch, * patches/security/icedtea-6658158.patch, * patches/security/icedtea-6691246.patch, * patches/security/icedtea-6717680.patch, * patches/security/icedtea-6721651.patch, * patches/security/icedtea-6737315.patch, * patches/security/icedtea-6792554.patch, * patches/security/icedtea-6804996.patch, * patches/security/icedtea-6804997.patch, * patches/security/icedtea-6804998.patch: Security patches ported from IcedTea6.
author Andrew John Hughes <ahughes@redhat.com>
date Tue, 07 Apr 2009 01:02:17 +0100
parents
children
line wrap: on
line source

--- old/src/share/classes/sun/awt/image/GifImageDecoder.java	Thu Mar  5 17:00:25 2009
+++ openjdk/jdk/src/share/classes/sun/awt/image/GifImageDecoder.java	Thu Mar  5 17:00:24 2009
@@ -585,9 +585,16 @@
             System.out.print("Reading a " + width + " by " + height + " " +
                       (interlace ? "" : "non-") + "interlaced image...");
         }
-
+        int initCodeSize = ExtractByte(block, 9);
+        if (initCodeSize >= 12) {
+            if (verbose) {
+                System.out.println("Invalid initial code size: " +
+                                   initCodeSize);
+            }
+            return false;
+        }
         boolean ret = parseImage(x, y, width, height,
-                                 interlace, ExtractByte(block, 9),
+                                 interlace, initCodeSize,
                                  block, rasline, model);
 
         if (!ret) {
--- old/src/share/native/sun/awt/image/gif/gifdecoder.c	Thu Mar  5 17:00:28 2009
+++ openjdk/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c	Thu Mar  5 17:00:27 2009
@@ -191,6 +191,11 @@
     int passht = passinc;
     int len;
 
+    /* We have verified the initial code size on the java layer.
+     * Here we just check bounds for particular indexes. */
+    if (freeCode >= 4096 || maxCode >= 4096) {
+        return 0;
+    }
     if (blockh == 0 || raslineh == 0
         || prefixh == 0 || suffixh == 0
         || outCodeh == 0)