Mercurial > hg > release > icedtea7-forest-2.1 > jdk
changeset 1931:689874730539
6874643: ImageI/O JPEG is vulnerable to Heap Overflow
Reviewed-by: prr, hawtin
author | bae |
---|---|
date | Thu, 10 Sep 2009 12:26:34 +0400 |
parents | f3e42d3bb311 |
children | 34cc7663e7b8 |
files | src/share/native/sun/awt/image/jpeg/imageioJPEG.c |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c Sat Sep 05 07:55:05 2009 -0700 +++ b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c Thu Sep 10 12:26:34 2009 +0400 @@ -1833,6 +1833,13 @@ return JNI_FALSE; } + if (stepX > cinfo->image_width) { + stepX = cinfo->image_width; + } + if (stepY > cinfo->image_height) { + stepY = cinfo->image_height; + } + /* * First get the source bands array and copy it to our local array * so we don't have to worry about pinning and unpinning it again.