Mercurial > hg > release > icedtea6-1.8

view patches/security/20111018/7057857.patch @ 2161:7524f507af5c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Apply latest security patches. 2011-10-17 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add patches. * NEWS: List security updates. * patches/icedtea-rhino.patch: Change after 7046823 is applied. * patches/icedtea-xjc.patch: Update against 7046794. * patches/security/20111018/7000600.patch, * patches/security/20111018/7019773.patch, * patches/security/20111018/7023640.patch, * patches/security/20111018/7032417.patch, * patches/security/20111018/7046823.patch, * patches/security/20111018/7055902.patch, * patches/security/20111018/7057857.patch, * patches/security/20111018/7064341.patch, * patches/security/20111018/7083012.patch, * patches/security/20111018/7096936.patch, * patches/security/20111018/7046794.patch, * patches/security/20111018/7077466.patch: Add security patches.
author Andrew John Hughes <ahughes@redhat.com>
date Mon, 17 Oct 2011 15:40:23 +0100
parents
children
line wrap: on
line source

diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp	2011-02-28 16:06:44.000000000 +0000
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp	2011-10-13 17:41:45.478579404 +0100
@@ -1088,11 +1088,14 @@
     uint size3 = suffix * 3;
     if (suffix == 0)  continue;  // done with empty string
     chars.malloc(size3);
+    CHECK;
     byte* chp = chars.ptr;
     band saved_band = cp_Utf8_big_chars;
     cp_Utf8_big_chars.readData(suffix);
+    CHECK;
     for (int j = 0; j < suffix; j++) {
       unsigned short ch = cp_Utf8_big_chars.getInt();
+      CHECK;
       chp = store_Utf8_char(chp, ch);
     }
     chars.realloc(chp - chars.ptr);
@@ -1110,10 +1113,12 @@
   CHECK;
   int prevlen = 0;  // previous string length (in chars)
   tmallocs.add(bigbuf.ptr);  // free after this block
+  CHECK;
   cp_Utf8_prefix.rewind();
   for (i = 0; i < len; i++) {
     bytes& chars = allsuffixes[i];
     int prefix = (i < PREFIX_SKIP_2)? 0: cp_Utf8_prefix.getInt();
+    CHECK;
     int suffix = chars.len;
     byte* fillp;
     // by induction, the buffer is already filled with the prefix
diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp	2011-02-28 16:06:44.000000000 +0000
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp	2011-10-13 17:41:34.246401808 +0100
@@ -52,7 +52,7 @@
   if (msize >= 0 && msize < sizeof(int))
     msize = sizeof(int);  // see 0xbaadf00d below
   #endif
-  void* ptr = (msize > PSIZE_MAX) ? null : malloc(msize);
+  void* ptr = (msize > PSIZE_MAX || msize <= 0) ? null : malloc(msize);
   if (ptr != null) {
     memset(ptr, 0, size);
   } else {
diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h
--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h	2011-02-28 16:06:44.000000000 +0000
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h	2011-10-13 17:41:34.250401872 +0100
@@ -33,7 +33,7 @@
 #endif
 
 // overflow management
-#define OVERFLOW ((size_t)-1)
+#define OVERFLOW ((uint)-1)
 #define PSIZE_MAX (OVERFLOW/2)  /* normal size limit */
 
 inline size_t scale_size(size_t size, size_t scale) {