Mercurial > hg > release > icedtea6-1.11

view patches/security/20130618/8011253-better_short_component_rasters.patch @ 2907:d7eca687b7d2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/06/18 security patches. 2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org> * patches/idresolver_fix.patch: Removed. Part of 6469266. * Makefile.am: (SECURITY_PATCHES): Add new ones. (SPECIAL_SECURITY_PATCH_1): Renamed from SPECIAL_SECURITY_PATCH. (SPECIAL_SECURITY_PATCH_2): Add 8009071, which needs to be applied after some AWT backports. (ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}. Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES as must be applied before 8004584. Add 7171223 to end. * patches/openjdk/6307603-xrender-01.patch, * patches/openjdk/6469266-xmlsec_1.4.2.patch, * patches/openjdk/6656651-windows_lcd_glyphs.patch, * patches/openjdk/6786028-wcag_bold_tags.patch, * patches/openjdk/6786682-wcag_lang.patch, * patches/openjdk/6786688-wcag_table.patch, * patches/openjdk/6786690-wcag_dl.patch, * patches/openjdk/6802694-no_deprecated.patch, * patches/openjdk/6851834-restructure.patch, * patches/openjdk/6888167-medialib_memory_leaks.patch, * patches/openjdk/6961178-doclet_xml.patch, * patches/openjdk/6990754-use_native_memory_for_symboltable.patch, * patches/openjdk/7006270-regressions.patch, * patches/openjdk/7008809-report_class_in_arraystoreexception.patch, * patches/openjdk/7014851-unused_parallel_compaction_code.patch, * patches/openjdk/7017732-move_static_fields_to_class.patch, * patches/openjdk/7036747-elfstringtable.patch, * patches/openjdk/7086585-flexible_field_injection.patch, * patches/openjdk/7171223-strict_aliasing.patch, * patches/openjdk/7195301-no_instanceof_node.patch, * patches/security/20130618/6741606-apache_santuario.patch, * patches/security/20130618/7158805-nested_subroutine_rewriting.patch, * patches/security/20130618/7170730-windows_network_stack.patch, * patches/security/20130618/8000638-improve_deserialization.patch, * patches/security/20130618/8000642-better_transportation_handling.patch, * patches/security/20130618/8001032-restrict_object_access-corba.patch, * patches/security/20130618/8001032-restrict_object_access-jdk.patch, * patches/security/20130618/8001033-refactor_address_handling.patch, * patches/security/20130618/8001034-memory_management.patch, * patches/security/20130618/8001038-resourcefully_handle_resources.patch, * patches/security/20130618/8001043-clarify_definition_restrictions.patch, * patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch, * patches/security/20130618/8001318-6_fixup.patch, * patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch, * patches/security/20130618/8001330-checking_order_improvement.patch, * patches/security/20130618/8001330-improve_checking_order.patch, * patches/security/20130618/8003703-update_rmi_connection_dialog.patch, * patches/security/20130618/8004584-augment_applet_contextualization.patch, * patches/security/20130618/8005007-better_glyph_processing.patch, * patches/security/20130618/8006328-6_fixup.patch, * patches/security/20130618/8006328-sound_class_robustness.patch, * patches/security/20130618/8006611-improve_scripting.patch, * patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch, * patches/security/20130618/8007471-6_fixup.patch, * patches/security/20130618/8007471-improve_mbean_notifications.patch, * patches/security/20130618/8007812-getenclosingmethod.patch, * patches/security/20130618/8008120-improve_jmx_class_checking.patch, * patches/security/20130618/8008124-better_compliance_testing.patch, * patches/security/20130618/8008128-better_jmx_api_coherence.patch, * patches/security/20130618/8008132-better_serialization.patch, * patches/security/20130618/8008585-jmx_data_handling.patch, * patches/security/20130618/8008593-better_urlclassloader.patch, * patches/security/20130618/8008603-jmx_provider_provision.patch, * patches/security/20130618/8008611-6_fixup.patch, * patches/security/20130618/8008611-jmx_annotations.patch, * patches/security/20130618/8008615-jmx_internal_api_robustness.patch, * patches/security/20130618/8008623-mbeanserver_handling.patch, * patches/security/20130618/8008744-6741606_rework.patch, * patches/security/20130618/8008982-jmx_interface_changes.patch, * patches/security/20130618/8009004-rmi_connection_improvement.patch, * patches/security/20130618/8009013-t2k_glyphs.patch, * patches/security/20130618/8009034-jmx_notification_improvement.patch, * patches/security/20130618/8009038-jmx_notification_support_improvement.patch, * patches/security/20130618/8009067-improve_key_storing.patch, * patches/security/20130618/8009071-improve_shape_handling.patch, * patches/security/20130618/8009235-improve_tsa_data_handling.patch, * patches/security/20130618/8009554-serialjavaobject.patch, * patches/security/20130618/8011243-improve_imaginglib.patch, * patches/security/20130618/8011248-better_component_rasters.patch, * patches/security/20130618/8011253-better_short_component_rasters.patch, * patches/security/20130618/8011257-better_byte_component_rasters.patch, * patches/security/20130618/8011557-improve_reflection.patch, * patches/security/20130618/8012375-javadoc_framing.patch, * patches/security/20130618/8012421-better_positioning.patch, * patches/security/20130618/8012438-better_image_validation.patch, * patches/security/20130618/8012597-better_image_channel_validation.patch, * patches/security/20130618/8012601-better_layout_validation.patch, * patches/security/20130618/8014281-better_xml_signature_checking.patch, * patches/security/20130618/8015997-more_javadoc_framing.patch, * patches/security/20130618/diamond_fix.patch, * patches/security/20130618/handle_npe.patch, * patches/security/20130618/hs_merge-01.patch, * patches/security/20130618/hs_merge-02.patch, * patches/security/20130618/hs_merge-03.patch, * patches/security/20130618/hs_merge-04.patch, * patches/security/20130618/javac_issue.patch, * patches/security/20130618/langtools_generics.patch, * patches/security/20130618/langtools_merge-01.patch, * patches/security/20130618/langtools_merge-02.patch, * patches/security/20130618/langtools_merge-03.patch: 2013/06/18 security patches.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Sat, 22 Jun 2013 16:38:24 -0500
parents
children
line wrap: on
line source

# HG changeset patch
# User prr
# Date 1365450380 25200
# Node ID 02f545e014b0b73094bd295643f8b33965fe8bcf
# Parent  7024e2f3b69c998420d5d765c056048b8b6b5c2b
8011253: Better Short Component Rasters
Reviewed-by: bae, vadim, mschoene

diff --git a/src/share/classes/sun/awt/image/ShortBandedRaster.java b/src/share/classes/sun/awt/image/ShortBandedRaster.java
--- openjdk/jdk/src/share/classes/sun/awt/image/ShortBandedRaster.java
+++ openjdk/jdk/src/share/classes/sun/awt/image/ShortBandedRaster.java
@@ -156,7 +156,7 @@
             throw new RasterFormatException("ShortBandedRasters must have "+
                 "BandedSampleModels");
         }
-        verify(false);
+        verify();
     }
 
     /**
@@ -730,16 +730,30 @@
     }
 
     /**
-     * Verify that the layout parameters are consistent with
-     * the data.  If strictCheck
-     * is false, this method will check for ArrayIndexOutOfBounds conditions.  If
-     * strictCheck is true, this method will check for additional error
-     * conditions such as line wraparound (width of a line greater than
-     * the scanline stride).
-     * @return   String   Error string, if the layout is incompatible with
-     *                    the data.  Otherwise returns null.
+     * Verify that the layout parameters are consistent with the data.
+     * Verifies whether the data buffer has enough data for the raster,
+     * taking into account offsets, after ensuring all offsets are >=0.
+     * @throws RasterFormatException if a problem is detected.
      */
-    private void verify (boolean strictCheck) {
+    private void verify() {
+
+        /* Need to re-verify the dimensions since a sample model may be
+         * specified to the constructor
+         */
+        if (width <= 0 || height <= 0 ||
+            height > (Integer.MAX_VALUE / width))
+        {
+            throw new RasterFormatException("Invalid raster dimension");
+        }
+
+        if (scanlineStride < 0 ||
+            scanlineStride > (Integer.MAX_VALUE / height))
+        {
+            // integer overflow
+            throw new RasterFormatException("Incorrect scanline stride: "
+                    + scanlineStride);
+        }
+
         // Make sure data for Raster is in a legal range
         for (int i=0; i < dataOffsets.length; i++) {
             if (dataOffsets[i] < 0) {
@@ -749,19 +763,28 @@
             }
         }
 
-        int maxSize = 0;
-        int size;
+        int lastScanOffset = (height - 1) * scanlineStride;
+        int lastPixelOffset = lastScanOffset + (width-1);
+        if (lastPixelOffset < lastScanOffset) {
+            throw new RasterFormatException("Invalid raster dimension");
+        }
+
+        int maxIndex = 0;
+        int index;
 
         for (int i=0; i < numDataElements; i++) {
-            size = (height-1)*scanlineStride + (width-1) + dataOffsets[i];
-            if (size > maxSize) {
-                maxSize = size;
+            index = lastPixelOffset + dataOffsets[i];
+            if (index < lastPixelOffset) {
+                throw new RasterFormatException("Invalid raster dimension");
+            }
+            if (index > maxIndex) {
+                maxIndex = index;
             }
         }
         for (int i=0; i < numDataElements; i++) {
-            if (data[i].length < maxSize) {
-                throw new RasterFormatException("Data array too small (should be "+
-                                                maxSize+" )");
+            if (data[i].length <= maxIndex) {
+                throw new RasterFormatException("Data array too small " +
+                      "(should be > "+ maxIndex+" )");
             }
         }
     }
diff --git a/src/share/classes/sun/awt/image/ShortComponentRaster.java b/src/share/classes/sun/awt/image/ShortComponentRaster.java
--- openjdk/jdk/src/share/classes/sun/awt/image/ShortComponentRaster.java
+++ openjdk/jdk/src/share/classes/sun/awt/image/ShortComponentRaster.java
@@ -819,9 +819,6 @@
             }
         }
 
-        int maxSize = 0;
-        int size;
-
         // we can be sure that width and height are greater than 0
         if (scanlineStride < 0 ||
             scanlineStride > (Integer.MAX_VALUE / height))
@@ -847,21 +844,23 @@
         }
         lastPixelOffset += lastScanOffset;
 
+        int index;
+        int maxIndex = 0;
         for (int i = 0; i < numDataElements; i++) {
             if (dataOffsets[i] > (Integer.MAX_VALUE - lastPixelOffset)) {
                 throw new RasterFormatException("Incorrect band offset: "
                             + dataOffsets[i]);
             }
 
-            size = lastPixelOffset + dataOffsets[i];
+            index = lastPixelOffset + dataOffsets[i];
 
-            if (size > maxSize) {
-                maxSize = size;
+            if (index > maxIndex) {
+                maxIndex = index;
             }
         }
-        if (data.length < maxSize) {
-            throw new RasterFormatException("Data array too small (should be "
-                    + maxSize + " )");
+        if (data.length <= maxIndex) {
+            throw new RasterFormatException("Data array too small (should be > "
+                    + maxIndex + " )");
         }
     }