view patches/icedtea-6804996.patch @ 880:2b66e5f1a1de default tip

Add last two batches of security patches.
author andrew
date Mon, 29 Mar 2010 22:00:07 +0100

--- old/src/share/native/sun/awt/splashscreen/splashscreen_gif.c	Thu Mar  5 16:18:35 2009
+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_gif.c	Thu Mar  5 16:18:34 2009
@@ -53,10 +53,6 @@
 // convert libungif samples to our ones
 #define MAKE_QUAD_GIF(c,a) MAKE_QUAD((c).Red, (c).Green, (c).Blue, (a))
 
-#define SAFE_TO_ALLOC(c, sz)                                               \
-    (((c) > 0) && ((sz) > 0) &&                                            \
-     ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz)))
-
 /* stdio FILE* and memory input functions for libungif */
 int
 SplashStreamGifInputFunc(GifFileType * gif, GifByteType * buf, int n)
--- old/src/share/native/sun/awt/splashscreen/splashscreen_impl.h	Thu Mar  5 16:18:38 2009
+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_impl.h	Thu Mar  5 16:18:37 2009
@@ -155,6 +155,10 @@
 
 void SplashInitFrameShape(Splash * splash, int imageIndex);
 
+#define SAFE_TO_ALLOC(c, sz)                                               \
+    (((c) > 0) && ((sz) > 0) &&                                            \
+     ((0xffffffffu / ((unsigned int)(c))) > (unsigned int)(sz)))
+
 #define dbgprintf printf
 
 #endif
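Review bot: SAFE_TO_ALLOC guarantees less than its name suggests, and now that it sits in the shared header it needs a comment stating its contract. Both operands are converted to `unsigned int` before the division, so an operand wider than 32 bits would be truncated before it is checked, and the product is only bounded below 2^32, not below INT_MAX. That matters for any caller that keeps the product in a signed variable, as the splashscreen_png.c hunk appears to do with `stride` (its declaration is not visible, so its type is an assumption). I would add `/* True when c and sz are both positive and c * sz fits in 32 unsigned bits; operands are converted to unsigned int first. */` above the macro, and consider dividing `0x7fffffffu` instead if a caller stores the result in an `int`.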
--- old/src/share/native/sun/awt/splashscreen/splashscreen_png.c	Thu Mar  5 16:18:41 2009
+++ openjdk/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c	Thu Mar  5 16:18:40 2009
@@ -103,9 +103,17 @@
 
     rowbytes = png_get_rowbytes(png_ptr, info_ptr);
 
+    if (!SAFE_TO_ALLOC(rowbytes, height)) {
+        goto done;
+    }
+
     if ((image_data = (unsigned char *) malloc(rowbytes * height)) == NULL) {
         goto done;
     }
+
+    if (!SAFE_TO_ALLOC(height, sizeof(png_bytep))) {
+        goto done;
+    }
     if ((row_pointers = (png_bytepp) malloc(height * sizeof(png_bytep)))
             == NULL) {
         goto done;
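Review bot: The second check, `SAFE_TO_ALLOC(height, sizeof(png_bytep))`, runs only after `image_data` has been allocated, so its failure path depends on the `done` label, which is outside this hunk, to release that buffer. Validating both sizes before the first `malloc` keeps all checks on the decoded dimensions ahead of any allocation: `if (!SAFE_TO_ALLOC(rowbytes, height) || !SAFE_TO_ALLOC(height, sizeof(png_bytep))) goto done;`. The enclosing function starts and ends outside the hunk.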
@@ -121,13 +129,28 @@
     splash->width = width;
     splash->height = height;
 
+    if (!SAFE_TO_ALLOC(splash->width, splash->imageFormat.depthBytes)) {
+        goto done;
+    }
     stride = splash->width * splash->imageFormat.depthBytes;
 
+    if (!SAFE_TO_ALLOC(splash->height, stride)) {
+        goto done;
+    }
     splash->frameCount = 1;
     splash->frames = (SplashImage *)
         malloc(sizeof(SplashImage) * splash->frameCount);
+
+    if (splash->frames == NULL) {
+        goto done;
+    }
+
     splash->loopCount = 1;
     splash->frames[0].bitmapBits = malloc(stride * splash->height);
+    if (splash->frames[0].bitmapBits == NULL) {
+        free(splash->frames);
+        goto done;
+    }
     splash->frames[0].delay = 0;
 
     /* FIXME: sort out the real format */
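Review bot: In the new `bitmapBits == NULL` branch, `free(splash->frames)` leaves `splash->frames` pointing at freed memory while `splash->frameCount` is still 1, so a later cleanup or render path that walks the frames would read or free that block again. Reset the state right after the `free`, with `splash->frames = NULL;` and `splash->frameCount = 0;`. Whether `done` or the caller tears down `splash` on failure is outside the hunk, so the double free is a risk to confirm, not one shown here. The enclosing function starts and ends outside the hunk.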