Mercurial > hg > release > icedtea6-1.5
view patches/security/icedtea-6862968.patch @ 1576:dc4494777bad
Add latest security updates.
2009-11-09 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am:
Add remaining security patches.
* NEWS: Updated with security patches.
* patches/security/icedtea-6631533.patch,
* patches/security/icedtea-6632445.patch,
* patches/security/icedtea-6636650.patch,
* patches/security/icedtea-6657026.patch,
* patches/security/icedtea-6657138.patch,
* patches/security/icedtea-6664512.patch,
* patches/security/icedtea-6822057.patch,
* patches/security/icedtea-6824265.patch,
* patches/security/icedtea-6861062.patch,
* patches/security/icedtea-6872358.patch:
New security patches.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Mon, 09 Nov 2009 16:58:51 +0000 |
parents | 662422897e63 |
children |
line wrap: on
line source
--- old/src/share/native/sun/awt/image/jpeg/imageioJPEG.c 2009-07-29 13:28:11.272200000 +0400 +++ openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c 2009-07-29 13:28:10.710600000 +0400 @@ -685,6 +685,10 @@ #ifdef DEBUG printf("in setQTables, qlen = %d, write is %d\n", qlen, write); #endif + if (qlen > NUM_QUANT_TBLS) { + /* Ignore extra qunterization tables. */ + qlen = NUM_QUANT_TBLS; + } for (i = 0; i < qlen; i++) { table = (*env)->GetObjectArrayElement(env, qtables, i); qdata = (*env)->GetObjectField(env, table, JPEGQTable_tableID); @@ -736,6 +740,11 @@ hlensBody = (*env)->GetShortArrayElements(env, huffLens, NULL); + if (hlensLen > 16) { + /* Ignore extra elements of bits array. Only 16 elements can be + stored. 0-th element is not used. (see jpeglib.h, line 107) */ + hlensLen = 16; + } for (i = 1; i <= hlensLen; i++) { huff_ptr->bits[i] = (UINT8)hlensBody[i-1]; } @@ -752,6 +761,11 @@ huffValues, NULL); + if (hvalsLen > 256) { + /* Ignore extra elements of hufval array. Only 256 elements + can be stored. (see jpeglib.h, line 109) */ + hlensLen = 256; + } for (i = 0; i < hvalsLen; i++) { huff_ptr->huffval[i] = (UINT8)hvalsBody[i]; } @@ -772,6 +786,11 @@ j_compress_ptr comp; j_decompress_ptr decomp; jsize hlen = (*env)->GetArrayLength(env, DCHuffmanTables); + + if (hlen > NUM_HUFF_TBLS) { + /* Ignore extra DC huffman tables. */ + hlen = NUM_HUFF_TBLS; + } for (i = 0; i < hlen; i++) { if (cinfo->is_decompressor) { decomp = (j_decompress_ptr) cinfo; @@ -793,6 +812,10 @@ huff_ptr->sent_table = !write; } hlen = (*env)->GetArrayLength(env, ACHuffmanTables); + if (hlen > NUM_HUFF_TBLS) { + /* Ignore extra AC huffman tables. */ + hlen = NUM_HUFF_TBLS; + } for (i = 0; i < hlen; i++) { if (cinfo->is_decompressor) { decomp = (j_decompress_ptr) cinfo;