Mercurial > hg > release > icedtea6-1.8
view patches/security/20111018/7057857.patch @ 2161:7524f507af5c
Apply latest security patches.
2011-10-17 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am: Add patches.
* NEWS: List security updates.
* patches/icedtea-rhino.patch: Change after 7046823 is applied.
* patches/icedtea-xjc.patch: Update against 7046794.
* patches/security/20111018/7000600.patch,
* patches/security/20111018/7019773.patch,
* patches/security/20111018/7023640.patch,
* patches/security/20111018/7032417.patch,
* patches/security/20111018/7046823.patch,
* patches/security/20111018/7055902.patch,
* patches/security/20111018/7057857.patch,
* patches/security/20111018/7064341.patch,
* patches/security/20111018/7083012.patch,
* patches/security/20111018/7096936.patch,
* patches/security/20111018/7046794.patch,
* patches/security/20111018/7077466.patch:
Add security patches.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Mon, 17 Oct 2011 15:40:23 +0100 |
parents | |
children |
line wrap: on
line source
diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp 2011-02-28 16:06:44.000000000 +0000 +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp 2011-10-13 17:41:45.478579404 +0100 @@ -1088,11 +1088,14 @@ uint size3 = suffix * 3; if (suffix == 0) continue; // done with empty string chars.malloc(size3); + CHECK; byte* chp = chars.ptr; band saved_band = cp_Utf8_big_chars; cp_Utf8_big_chars.readData(suffix); + CHECK; for (int j = 0; j < suffix; j++) { unsigned short ch = cp_Utf8_big_chars.getInt(); + CHECK; chp = store_Utf8_char(chp, ch); } chars.realloc(chp - chars.ptr); @@ -1110,10 +1113,12 @@ CHECK; int prevlen = 0; // previous string length (in chars) tmallocs.add(bigbuf.ptr); // free after this block + CHECK; cp_Utf8_prefix.rewind(); for (i = 0; i < len; i++) { bytes& chars = allsuffixes[i]; int prefix = (i < PREFIX_SKIP_2)? 0: cp_Utf8_prefix.getInt(); + CHECK; int suffix = chars.len; byte* fillp; // by induction, the buffer is already filled with the prefix diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp 2011-02-28 16:06:44.000000000 +0000 +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp 2011-10-13 17:41:34.246401808 +0100 @@ -52,7 +52,7 @@ if (msize >= 0 && msize < sizeof(int)) msize = sizeof(int); // see 0xbaadf00d below #endif - void* ptr = (msize > PSIZE_MAX) ? null : malloc(msize); + void* ptr = (msize > PSIZE_MAX || msize <= 0) ? null : malloc(msize); if (ptr != null) { memset(ptr, 0, size); } else { diff -Nru openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h 2011-02-28 16:06:44.000000000 +0000 +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h 2011-10-13 17:41:34.250401872 +0100 @@ -33,7 +33,7 @@ #endif // overflow management -#define OVERFLOW ((size_t)-1) +#define OVERFLOW ((uint)-1) #define PSIZE_MAX (OVERFLOW/2) /* normal size limit */ inline size_t scale_size(size_t size, size_t scale) {