Mercurial > hg > release > icedtea6-1.5

view patches/security/icedtea-6862968.patch @ 1576:dc4494777bad

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add latest security updates. 2009-11-09 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add remaining security patches. * NEWS: Updated with security patches. * patches/security/icedtea-6631533.patch, * patches/security/icedtea-6632445.patch, * patches/security/icedtea-6636650.patch, * patches/security/icedtea-6657026.patch, * patches/security/icedtea-6657138.patch, * patches/security/icedtea-6664512.patch, * patches/security/icedtea-6822057.patch, * patches/security/icedtea-6824265.patch, * patches/security/icedtea-6861062.patch, * patches/security/icedtea-6872358.patch: New security patches.
author Andrew John Hughes <ahughes@redhat.com>
date Mon, 09 Nov 2009 16:58:51 +0000
parents 662422897e63
children
line wrap: on
line source

--- old/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	2009-07-29 13:28:11.272200000 +0400
+++ openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	2009-07-29 13:28:10.710600000 +0400
@@ -685,6 +685,10 @@
 #ifdef DEBUG
     printf("in setQTables, qlen = %d, write is %d\n", qlen, write);
 #endif
+    if (qlen > NUM_QUANT_TBLS) {
+        /* Ignore extra qunterization tables. */
+        qlen = NUM_QUANT_TBLS;
+    }
     for (i = 0; i < qlen; i++) {
         table = (*env)->GetObjectArrayElement(env, qtables, i);
         qdata = (*env)->GetObjectField(env, table, JPEGQTable_tableID);
@@ -736,6 +740,11 @@
     hlensBody = (*env)->GetShortArrayElements(env,
                                               huffLens,
                                               NULL);
+    if (hlensLen > 16) {
+        /* Ignore extra elements of bits array. Only 16 elements can be
+           stored. 0-th element is not used. (see jpeglib.h, line 107)  */
+        hlensLen = 16;
+    }
     for (i = 1; i <= hlensLen; i++) {
         huff_ptr->bits[i] = (UINT8)hlensBody[i-1];
     }
@@ -752,6 +761,11 @@
                                               huffValues,
                                               NULL);
 
+    if (hvalsLen > 256) {
+        /* Ignore extra elements of hufval array. Only 256 elements
+           can be stored. (see jpeglib.h, line 109)                  */
+        hlensLen = 256;
+    }
     for (i = 0; i < hvalsLen; i++) {
         huff_ptr->huffval[i] = (UINT8)hvalsBody[i];
     }
@@ -772,6 +786,11 @@
     j_compress_ptr comp;
     j_decompress_ptr decomp;
     jsize hlen = (*env)->GetArrayLength(env, DCHuffmanTables);
+
+    if (hlen > NUM_HUFF_TBLS) {
+        /* Ignore extra DC huffman tables. */
+        hlen = NUM_HUFF_TBLS;
+    }
     for (i = 0; i < hlen; i++) {
         if (cinfo->is_decompressor) {
             decomp = (j_decompress_ptr) cinfo;
@@ -793,6 +812,10 @@
         huff_ptr->sent_table = !write;
     }
     hlen = (*env)->GetArrayLength(env, ACHuffmanTables);
+    if (hlen > NUM_HUFF_TBLS) {
+        /* Ignore extra AC huffman tables. */
+        hlen = NUM_HUFF_TBLS;
+    }
     for (i = 0; i < hlen; i++) {
         if (cinfo->is_decompressor) {
             decomp = (j_decompress_ptr) cinfo;