changeset 1835:689874730539

6874643: ImageI/O JPEG is vulnerable to Heap Overflow Reviewed-by: prr, hawtin
author bae
date Thu, 10 Sep 2009 12:26:34 +0400
parents f3e42d3bb311
children 34cc7663e7b8
files src/share/native/sun/awt/image/jpeg/imageioJPEG.c
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	Sat Sep 05 07:55:05 2009 -0700
+++ b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	Thu Sep 10 12:26:34 2009 +0400
@@ -1833,6 +1833,13 @@
         return JNI_FALSE;
     }
 
+    if (stepX > cinfo->image_width) {
+        stepX = cinfo->image_width;
+    }
+    if (stepY > cinfo->image_height) {
+        stepY = cinfo->image_height;
+    }
+
     /*
      * First get the source bands array and copy it to our local array
      * so we don't have to worry about pinning and unpinning it again.