Mercurial > hg > release > icedtea6-1.9

view patches/security/20111018/7000600.patch @ 2352:941103576384

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add first batch of security patches. S7000600, CVE-2011-3547: InputStream skip() information leak S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine S7055902, CVE-2011-3521: IIOP deserialization code execution S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks S7064341, CVE-2011-3389: JSSE S7070134, CVE-2011-3558: Hotspot unspecified issue S7077466, CVE-2011-3556: RMI DGC server remote code execution S7083012, CVE-2011-3557: RMI registry privileged code execution S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection 2011-10-13 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add patches. * NEWS: List security updates. * patches/icedtea-rhino.patch: Change after 7046823 is applied. * patches/security/20111018/7000600.patch, * patches/security/20111018/7019773.patch, * patches/security/20111018/7023640.patch, * patches/security/20111018/7032417.patch, * patches/security/20111018/7046823.patch, * patches/security/20111018/7055902.patch, * patches/security/20111018/7057857.patch, * patches/security/20111018/7064341.patch, * patches/security/20111018/7070134.patch, * patches/security/20111018/7083012.patch, * patches/security/20111018/7096936.patch: First batch of security patches.
author Andrew John Hughes <ahughes@redhat.com>
date Thu, 13 Oct 2011 15:04:46 +0100
parents
children
line wrap: on
line source

--- openjdk/jdk/src/share/classes/java/io/InputStream.java	Wed Jul 13 15:37:05 2011
+++ openjdk/jdk/src/share/classes/java/io/InputStream.java	Wed Jul 13 15:37:02 2011
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,10 +44,9 @@
  */
 public abstract class InputStream implements Closeable {
 
-    // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
-    private static final int SKIP_BUFFER_SIZE = 2048;
-    // skipBuffer is initialized in skip(long), if needed.
-    private static byte[] skipBuffer;
+    // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer skip to
+    // use when skipping.
+    private static final int MAX_SKIP_BUFFER_SIZE = 2048;
 
     /**
      * Reads the next byte of data from the input stream. The value byte is
@@ -212,18 +211,15 @@
 
         long remaining = n;
         int nr;
-        if (skipBuffer == null)
-            skipBuffer = new byte[SKIP_BUFFER_SIZE];
-
-        byte[] localSkipBuffer = skipBuffer;
 
         if (n <= 0) {
             return 0;
         }
 
+        int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
+        byte[] skipBuffer = new byte[size];
         while (remaining > 0) {
-            nr = read(localSkipBuffer, 0,
-                      (int) Math.min(SKIP_BUFFER_SIZE, remaining));
+            nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
             if (nr < 0) {
                 break;
             }