OpenJDK / amber / amber
changeset 9850:2689977af15b
7020198: ImageIcon creates Component with null acc
Reviewed-by: rupashka, hawtin
| author | alexp |
|---|---|
| date | Wed, 04 May 2011 11:35:46 -0700 |
| parents | 1051c04ab0b1 |
| children | 23bd656b112e |
| files | jdk/src/share/classes/javax/swing/ImageIcon.java |
| diffstat | 1 files changed, 31 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/share/classes/javax/swing/ImageIcon.java Wed Apr 27 19:23:13 2011 -0700 +++ b/jdk/src/share/classes/javax/swing/ImageIcon.java Wed May 04 11:35:46 2011 -0700 @@ -40,8 +40,7 @@ import sun.awt.AppContext; import java.lang.reflect.Field; -import java.security.PrivilegedAction; -import java.security.AccessController; +import java.security.*; /** * An implementation of the Icon interface that paints Icons @@ -81,32 +80,51 @@ ImageObserver imageObserver; String description = null; + // Fields for twisted backward compatibility only. DO NOT USE. protected final static Component component; protected final static MediaTracker tracker; static { - component = new Component() {}; - AccessController.doPrivileged(new PrivilegedAction<Object>() { - public Object run() { + component = AccessController.doPrivileged(new PrivilegedAction<Component>() { + public Component run() { try { + final Component component = createNoPermsComponent(); + // 6482575 - clear the appContext field so as not to leak it Field appContextField = - Component.class.getDeclaredField("appContext"); + + Component.class.getDeclaredField("appContext"); appContextField.setAccessible(true); appContextField.set(component, null); + + return component; + } catch (Throwable e) { + // We don't care about component. + // So don't prevent class initialisation. + e.printStackTrace(); + return null; } - catch (NoSuchFieldException e) { - e.printStackTrace(); - } - catch (IllegalAccessException e) { - e.printStackTrace(); - } - return null; } }); tracker = new MediaTracker(component); } + private static Component createNoPermsComponent() { + // 7020198 - set acc field to no permissions and no subject + // Note, will have appContext set. + return AccessController.doPrivileged( + new PrivilegedAction<Component>() { + public Component run() { + return new Component() { + }; + } + }, + new AccessControlContext(new ProtectionDomain[]{ + new ProtectionDomain(null, null) + }) + ); + } + /** * Id used in loading images from MediaTracker. */