changeset 8222:0ab73c666381 8u25-b06

Automated merge with ssh://hg.openjdk.java.net/openjfx/8u20/rt
author kcr
date Wed, 02 Jul 2014 10:24:55 -0700
parents 84eeb1f71882 bc76a5fa28c1
children 660c9254e3d9
files .hgtags
diffstat 14 files changed, 227 insertions(+), 74 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Wed Jul 02 07:51:48 2014 -0700
+++ b/.hgtags	Wed Jul 02 10:24:55 2014 -0700
@@ -142,17 +142,34 @@
 322eef9ee91216cf6904d9ef13b857b5770db5f0 8u5-b11
 32bf1d506829f6cf080c1b26208e08e76e553292 8u5-b12
 619edda5595cc54b5dd1f40131abe123ba180b04 8u5-b13
+fce8143d70a740004bc63a629e62c019e3aeb18c 8u11-b01
+9b4e7bf75dcf8e85ef7193d49d324859f3105fca 8u11-b02
+0c7886b87d6a0210d399a70bcb4d318f90b035ba 8u11-b03
+c5a09fa0a5fa99338ade1c1823919a577f29f1d0 8u11-b04
 d7e80f499365af8cca1ec29443fc9adb5aad598f 8u20-b08
 4e6e6ad7ad1dc350d9590ba8c0f9ab90aa6c73e0 8u20-b09
 3438cbe3ac87e05ac434f521dec1031145b1edfd 8u20-b10
 685555d888600419d4ed90a49c5f53dd0fd51f31 8u20-b11
+4ea3d1288e0758d55f9df08963fc44399f42d714 8u11-b05
 38c1ea45f8be2fc62b9eaefc4e37a21bb394a002 8u20-b12
+3a4c5c6fe2f19404f36d3c49dcdecf365623408d 8u11-b06
 abc855ae09c05e73558e37174ae6b9c74bcb10d8 8u20-b13
+ede0ed1b9adc5cddd817e2a8589c665646069a8d 8u11-b07
 65e094638f34e6a59fc93a39c4ee2f4b23f80e4a 8u20-b14
+fad363ad75526effb93ac79e64f6d7d7d89b1593 8u11-b08
 674e7c021c373fe3e7a7d2a45b8cf0e7dec95c01 8u20-b15
+300e8d2c5c6aa0afb01c9bd960d6de82f4461e66 8u11-b09
 9425ba418764f6b82bb46bc7113760b680560381 8u20-b16
+d25bb186c36c326a8712258885fb20732289d2e2 8u11-b10
 3308d6a77846e3dedc1beb2952984f5b8572202a 8u20-b17
+1d1807c06caa45954f37b199f18e3f4db99ea93f 8u11-b11
 63955f844c0c5c171e8a71b28cbf56ee167a05f7 8u20-b18
+214fa814e8790bb691c7c469b70265c40c49ed60 8u11-b12
 54a8fee7f46e982e31cecde8e420dbb40014b814 8u20-b19
+cb020d568ab201ec47cca5b02522e4e10450dd35 8u25-b01
 c771f928a886c75edcb9ce6d3185b27988997061 8u20-b20
+6c282cc7085f4689605e9f2dd16c1b1b72e9c72e 8u25-b02
 dab88dec3067cd90b67561841c0eb48c5fd58547 8u20-b21
+ea5b29a762178b9a4add26b177cf9412c32bead1 8u25-b03
+3c701047594b7f7b96cace7684a978f9290bf961 8u25-b04
+c2e5db10e5de446ddaceb23a653ae3197c8c5426 8u25-b05
--- a/build.properties	Wed Jul 02 07:51:48 2014 -0700
+++ b/build.properties	Wed Jul 02 10:24:55 2014 -0700
@@ -33,10 +33,10 @@
 jfx.release.milestone=ea
 # Note: For fcs builds the suffix should be blank
 jfx.release.suffix=-ea
-jfx.release.name=8u20
+jfx.release.name=8u25
 jfx.release.major.version=8
 jfx.release.minor.version=0
-jfx.release.micro.version=20
+jfx.release.micro.version=25
 
 ##############################################################################
 #
--- a/modules/fxpackager/src/main/native/launcher/win/WinLauncher.cpp	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/fxpackager/src/main/native/launcher/win/WinLauncher.cpp	Wed Jul 02 10:24:55 2014 -0700
@@ -37,6 +37,7 @@
 #include <memory.h>
 #include <direct.h>
 #include <process.h>
+#include <string>
 
 #include "jni.h"
 
@@ -64,6 +65,8 @@
         java.exe launcher implementation.
 */
 
+using namespace std;
+
 //TODO:
 //  Ideally we should be detecting max path length in runtime and reporting error
 // if package was installed too deep in the file hierarchy.
@@ -309,28 +312,17 @@
  *         pattern with the replaceWith string
  */
 TCHAR *replaceStr(TCHAR *str, TCHAR *pattern, TCHAR *replaceWith) {
-    TCHAR buffer[MAX_PATH*2] = {0};
-    TCHAR *p;
+    wstring target = str;
+    wstring lpattern = pattern;
 
-    //Return orig if str is not in orig.
-    if(!(p = wcsstr(str, pattern))) {
-        return wcsdup(str);
+    size_t location = target.find(pattern);
+
+    if (location != wstring::npos) {
+        wstring lreplaceWith = replaceWith;
+        target.replace(location, lpattern.length(), lreplaceWith);
     }
 
-    int loc = p-str;
-    if (loc >= sizeof(buffer)) {
-        return wcsdup(str);
-    }
-
-    wcsncpy(buffer, str, loc); // Copy characters from 'str' start to 'orig' st$
-    buffer[loc] = 0x0000;
-
-    int remaingBufferSize = sizeof(buffer) - loc;
-    int len = _snwprintf(buffer+(loc), remaingBufferSize, _T("%s%s"), replaceWith, p + wcslen(pattern));
-    if(len > remaingBufferSize ) {
-        return wcsdup(str);
-    }
-    return wcsdup(buffer);
+    return wcsdup(target.c_str());
 }
 
 
@@ -402,7 +394,7 @@
     return strdup(argvalueASCII);
 }
 
-/* 
+/*
  * Concatenate the JVMUserArg into a single string
  */
 char* JVMUserArg_toString(TCHAR* basedir, JVMUserArg arg, int freeMemory) {
@@ -477,11 +469,11 @@
         ch = key[index];
         if (ch == '/') {
             if ((index + 1) < len &&
-                (key[index+1] >= 'A' && key[index+1] <= 'Z')) { 
+                (key[index+1] >= 'A' && key[index+1] <= 'Z')) {
                     *windowsName = key[index+1];
                     index++;
             }
-            else if ((index + 1) < len && (key[index+1] == '/')) { 
+            else if ((index + 1) < len && (key[index+1] == '/')) {
                 *windowsName = '\\';
                 index++;
             }
@@ -514,7 +506,7 @@
     wcscat(buf, p);
     LONG success = RegOpenKeyEx(HKEY_CURRENT_USER, buf, 0, KEY_READ | KEY_WRITE, hKey);
     if (success == ERROR_FILE_NOT_FOUND) {
-        success = RegCreateKeyEx(HKEY_CURRENT_USER, buf, 0L, NULL, REG_OPTION_NON_VOLATILE, 
+        success = RegCreateKeyEx(HKEY_CURRENT_USER, buf, 0L, NULL, REG_OPTION_NON_VOLATILE,
             KEY_QUERY_VALUE | KEY_SET_VALUE , NULL, hKey, NULL);
     }
     return success;
@@ -543,7 +535,7 @@
             else if (success == ERROR_FILE_NOT_FOUND) {
                 TCHAR *regValueName = convertKeyToWinReg(arg->value);
                 if (regValueName != NULL) {
-                    success = RegSetValueEx(hKey, regOptionName, NULL, 
+                    success = RegSetValueEx(hKey, regOptionName, NULL,
                         REG_SZ, (LPBYTE) regValueName, (wcslen(regValueName)+1)*sizeof(TCHAR));
                     free(regValueName);
                 }
@@ -730,7 +722,7 @@
         }
     } while (found && idx < MAX_OPTIONS);
 
-	cnt = addUserOptions(basedir, options, cnt);
+    cnt = addUserOptions(basedir, options, cnt);
 
     jvmArgs.version = 0x00010002;
     jvmArgs.options = options;
--- a/modules/graphics/src/main/java/com/sun/javafx/font/FontFactory.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/com/sun/javafx/font/FontFactory.java	Wed Jul 02 10:24:55 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
 import java.io.InputStream;
 
 public interface FontFactory {
+    public static final String DEFAULT_FULLNAME = "System Regular";
+
     public PGFont createFont(String name, float size);
     public PGFont createFont(String family,
                              boolean bold, boolean italic, float size);
@@ -50,6 +52,11 @@
     public String[] getFontFullNames();
     public String[] getFontFullNames(String family);
 
+    /*
+     * Indicates permission to load an embedded font
+     */
+    public boolean hasPermission();
+
     /**
      * Loads a font from the specified input stream.
      * If the load is successful such that the stream can be
--- a/modules/graphics/src/main/java/com/sun/javafx/font/PrismFontFactory.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/com/sun/javafx/font/PrismFontFactory.java	Wed Jul 02 10:24:55 2014 -0700
@@ -26,6 +26,7 @@
 package com.sun.javafx.font;
 
 import java.security.AccessController;
+import java.security.AllPermission;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.io.File;
@@ -158,7 +159,7 @@
         return null;
     }
 
-    static PrismFontFactory theFontFactory = null;
+    private static PrismFontFactory theFontFactory = null;
     public static synchronized PrismFontFactory getFontFactory() {
         if (theFontFactory != null) {
             return theFontFactory;
@@ -233,13 +234,13 @@
     // For an caller who has recognised a TTC file and wants to create
     // the instances one at a time so as to have visibility into the
     // contents of the TTC. Onus is on caller to enumerate all the fonts.
-    PrismFontFile createFontResource(String filename, int index) {
+    private PrismFontFile createFontResource(String filename, int index) {
         return createFontResource(filename, index, true, false, false, false);
     }
 
-    PrismFontFile createFontResource(String filename, int index,
-                                     boolean register, boolean embedded,
-                                     boolean copy, boolean tracked) {
+    private PrismFontFile createFontResource(String filename, int index,
+                                             boolean register, boolean embedded,
+                                             boolean copy, boolean tracked) {
         String key = (filename+index).toLowerCase();
         PrismFontFile fr = fileNameToFontResourceMap.get(key);
         if (fr != null) {
@@ -262,15 +263,15 @@
         }
     }
 
-    PrismFontFile createFontResource(String name, String filename) {
+    private PrismFontFile createFontResource(String name, String filename) {
         return createFontResource(name, filename, true, false, false, false);
     }
 
-    PrismFontFile createFontResource(String name, String filename,
-                                     boolean register,
-                                     boolean embedded,
-                                     boolean copy,
-                                     boolean tracked) {
+    private PrismFontFile createFontResource(String name, String filename,
+                                             boolean register,
+                                             boolean embedded,
+                                             boolean copy,
+                                             boolean tracked) {
         if (filename == null) {
             return null;
         } else {
@@ -319,7 +320,7 @@
         }
     }
 
-    String dotStyleStr(boolean bold, boolean italic) {
+    private String dotStyleStr(boolean bold, boolean italic) {
         if (!bold) {
             if (!italic) {
                 return "";
@@ -337,7 +338,7 @@
         }
     }
 
-    void storeInMap(String name, FontResource resource) {
+    private void storeInMap(String name, FontResource resource) {
         if (name == null || resource == null) {
             return;
         }
@@ -350,13 +351,13 @@
         fontResourceMap.put(name.toLowerCase(), resource);
     }
 
-    ArrayList<WeakReference<PrismFontFile>> tmpFonts;
+    private ArrayList<WeakReference<PrismFontFile>> tmpFonts;
     synchronized void addDecodedFont(PrismFontFile fr) {
         fr.setIsDecoded(true);
         addTmpFont(fr);
     }
 
-    synchronized void addTmpFont(PrismFontFile fr) {
+    private synchronized void addTmpFont(PrismFontFile fr) {
         if (tmpFonts == null) {
             tmpFonts = new ArrayList<WeakReference<PrismFontFile>>();
         }
@@ -568,7 +569,7 @@
             fr = getFontResource(name, null, true);
         }
         if (fr == null) {
-            return LogicalFont.getLogicalFont("System Regular", size);
+            return LogicalFont.getLogicalFont(DEFAULT_FULLNAME, size);
         }
         return new PrismFont(fr, fr.getFullName(), size);
     }
@@ -621,7 +622,7 @@
         return new PrismFont(fr, fr.getFullName(), size);
     }
 
-    FontResource lookupResource(String lcName, boolean wantComp) {
+    private FontResource lookupResource(String lcName, boolean wantComp) {
         if (wantComp) {
             return compResourceMap.get(lcName);
         } else {
@@ -902,14 +903,14 @@
 
 
     /* For a terminal server there may be two font directories */
-    static String sysFontDir = null;
-    static String userFontDir = null;
+    private static String sysFontDir = null;
+    private static String userFontDir = null;
 
     private static native byte[] getFontPath();
     private static native String regReadFontLink(String searchfont);
     private static native String getEUDCFontFile();
 
-    static void getPlatformFontDirs() {
+    private static void getPlatformFontDirs() {
 
         if (userFontDir != null || sysFontDir != null) {
             return;
@@ -1122,8 +1123,7 @@
         }
     }
 
-    void resolveFontFiles
-        (HashSet<String> unmappedFiles,
+    private void resolveFontFiles(HashSet<String> unmappedFiles,
          ArrayList<String> unmappedFonts,
          HashMap<String,String> fontToFileMap,
          HashMap<String,String> fontToFamilyNameMap,
@@ -1410,10 +1410,13 @@
         }
     }
 
-    HashMap<String, PrismFontFile> embeddedFonts;
+    private HashMap<String, PrismFontFile> embeddedFonts;
 
     public PGFont loadEmbeddedFont(String name, InputStream fontStream,
                                    float size, boolean register) {
+        if (!hasPermission()) {
+            return createFont(DEFAULT_FULLNAME, size);
+        }
         if (FontFileWriter.hasTempPermission()) {
             return loadEmbeddedFont0(name, fontStream, size, register);
         }
@@ -1515,6 +1518,9 @@
      */
     public PGFont loadEmbeddedFont(String name, String path,
                                    float size, boolean register) {
+        if (!hasPermission()) {
+            return createFont(DEFAULT_FULLNAME, size);
+        }
         addFileCloserHook();
         FontResource fr = loadEmbeddedFont(name, path, register, false, false);
         if (fr != null) {
@@ -1553,11 +1559,18 @@
         return true;
     }
 
+    // Used for testing
+    private int numEmbeddedFonts = 0;
+    public int test_getNumEmbeddedFonts() {
+        return numEmbeddedFonts;
+    }
+
     private synchronized PrismFontFile loadEmbeddedFont(String name, String path,
-                                                        boolean register,
-                                                        boolean copy,
+                                                        boolean register, boolean copy,
                                                         boolean tracked) {
 
+        ++numEmbeddedFonts;
+
         /*
          * Fonts that aren't platform installed include those in the
          * application jar, WOFF fonts that are downloaded, and fonts
@@ -1753,6 +1766,18 @@
         return fontToFileMap;
     }
 
+    public final boolean hasPermission() {
+        try {
+            SecurityManager sm = System.getSecurityManager();
+            if (sm != null) {
+                sm.checkPermission(new AllPermission());
+            }
+            return true;
+        } catch (SecurityException ex) {
+            return false;
+        }
+    }
+
     private static class TTFilter implements FilenameFilter {
         public boolean accept(File dir,String name) {
             /* all conveniently have the same suffix length */
--- a/modules/graphics/src/main/java/com/sun/javafx/font/PrismFontLoader.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/com/sun/javafx/font/PrismFontLoader.java	Wed Jul 02 10:24:55 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,9 +64,13 @@
 
     private void loadEmbeddedFonts() {
         if (!embeddedFontsLoaded) {
+            FontFactory fontFactory = getFontFactoryFromPipeline();
+            if (!fontFactory.hasPermission()) {
+                embeddedFontsLoaded = true;
+                return;
+            }
             Properties map = loadEmbeddedFontDefinitions();
             Enumeration<?> names = map.keys();
-            FontFactory fontFactory = getFontFactoryFromPipeline();
             ClassLoader loader = Thread.currentThread().getContextClassLoader();
             while (names.hasMoreElements()) {
                 String n = (String)names.nextElement();
--- a/modules/graphics/src/main/java/com/sun/javafx/font/coretext/CTGlyph.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/com/sun/javafx/font/coretext/CTGlyph.java	Wed Jul 02 10:24:55 2014 -0700
@@ -45,6 +45,7 @@
     private static long cachedContextRef;
     private static final int BITMAP_WIDTH = 256;
     private static final int BITMAP_HEIGHT = 256;
+    private static final int MAX_SIZE = 320;
     private static final long GRAY_COLORSPACE = OS.CGColorSpaceCreateDeviceGray();
     private static final long RGB_COLORSPACE = OS.CGColorSpaceCreateDeviceRGB();
 
@@ -101,12 +102,21 @@
             OS.CGRectApplyAffineTransform(bounds, strike.matrix);
         }
 
-        /* The box is increased to capture all fragments from LCD rendering  */
-        bounds.origin.x = (int)Math.floor(bounds.origin.x) - 1;
-        bounds.origin.y = (int)Math.floor(bounds.origin.y) - 1;
-        bounds.size.width = (int)Math.ceil(bounds.size.width) + 1 + 1 + 1;
-        bounds.size.height = (int)Math.ceil(bounds.size.height) + 1 + 1 + 1;
+        if (bounds.size.width < 0 || bounds.size.height < 0 ||
+            bounds.size.width > MAX_SIZE || bounds.size.height > MAX_SIZE) {
+            /* Negative values for dimensions can indicate the font is corrupted.
+             * Overly large dimensions also indicate problem with the font as
+             * JavaFX uses path rasterizers for fontSize greater than 80pt.
+             */
+            bounds.origin.x = bounds.origin.y = bounds.size.width = bounds.size.height = 0;
+        } else {
 
+            /* The box is increased to capture all fragments from LCD rendering  */
+            bounds.origin.x = (int)Math.floor(bounds.origin.x) - 1;
+            bounds.origin.y = (int)Math.floor(bounds.origin.y) - 1;
+            bounds.size.width = (int)Math.ceil(bounds.size.width) + 1 + 1 + 1;
+            bounds.size.height = (int)Math.ceil(bounds.size.height) + 1 + 1 + 1;
+        }
     }
 
     @Override public Shape getShape() {
--- a/modules/graphics/src/main/java/com/sun/prism/j2d/J2DFontFactory.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/com/sun/prism/j2d/J2DFontFactory.java	Wed Jul 02 10:24:55 2014 -0700
@@ -85,6 +85,10 @@
         return prismFontFactory.isPlatformFont(name);
     }
 
+    public final boolean hasPermission() {
+        return prismFontFactory.hasPermission();
+    }
+
     /* This is an important but tricky one. We need to copy the
      * stream. I don't want to have to manage the temp file deletion here,
      * so although its non-optimal I will create a temp file, provide
@@ -94,6 +98,10 @@
     public PGFont loadEmbeddedFont(String name, InputStream fontStream,
                                    float size, boolean register) {
 
+        if (!hasPermission()) {
+            return createFont(DEFAULT_FULLNAME, size);
+        }
+
         PGFont font = prismFontFactory.loadEmbeddedFont(name, fontStream, 
                                                         size, register);
 
@@ -134,6 +142,10 @@
     public PGFont loadEmbeddedFont(String name, String path, 
                                    float size, boolean register) {
 
+        if (!hasPermission()) {
+            return createFont(DEFAULT_FULLNAME, size);
+        }
+
         PGFont font = prismFontFactory.loadEmbeddedFont(name, path, 
                                                         size, register);
 
--- a/modules/graphics/src/main/java/javafx/scene/text/Font.java	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/java/javafx/scene/text/Font.java	Wed Jul 02 10:24:55 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -341,6 +341,9 @@
      * such that the location is readable, and it represents a supported
      * font format then a <code>Font</code> object will be returned.
      * <p>
+     * If the application does not have the proper permission then this method
+     * will return the default system font with the specified font size.
+     * <p>
      * Any failure such as a malformed URL being unable to locate or read
      * from the resource, or if it doesn't represent a font, will result in
      * a <code>null</code> return. It is the application's responsibility
@@ -422,6 +425,9 @@
      * fully read, and it represents a supported font format then a
      * <code>Font</code> object will be returned.
      * <p>
+     * If the application does not have the proper permission then this method
+     * will return the default system font with the specified font size.
+     * <p>
      * Any failure such as abbreviated input, or an unsupported font format
      * will result in a <code>null</code> return. It is the application's
      * responsibility to check this before use.
--- a/modules/graphics/src/main/native-font/coretext.c	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/graphics/src/main/native-font/coretext.c	Wed Jul 02 10:24:55 2014 -0700
@@ -683,7 +683,11 @@
     (JNIEnv *env, jclass that, jlong arg0, jint dstWidth, jint dstHeight, jint bpp)
 {
     jbyteArray result = NULL;
+    if (dstWidth < 0) return NULL;
+    if (dstHeight < 0) return NULL;
+    if (bpp != 8 && bpp != 24) return NULL;
     CGContextRef context = (CGContextRef)arg0;
+    if (context == NULL) return NULL;
     jbyte *srcData = (jbyte*)CGBitmapContextGetData(context);
 
     if (srcData) {
@@ -700,7 +704,8 @@
         //bits per pixel, either 8 for gray or 24 for LCD.
         int dstStep = bpp / 8;
         size_t size = dstWidth * dstHeight * dstStep;
-        jbyte data[size];
+        jbyte* data = (jbyte*)calloc(size, sizeof(jbyte));
+        if (data == NULL) return NULL;
 
         int x, y, sx;
         int dstOffset = 0;
@@ -723,6 +728,7 @@
         if (result) {
             (*env)->SetByteArrayRegion(env, result, 0, size, data);
         }
+        free(data);
     }
     return result;
 }
@@ -774,13 +780,13 @@
     UInt32 index = arg2 & 0xFFFF;
     if (indexToLocFormat) {
         const UInt32 * loca = (const UInt32 *)CFDataGetBytePtr(tableData);
-        if (loca != NULL && length / 4 > arg2) {
+        if (loca != NULL && (index + 1) < (length / 4)) {
             offset1 = CFSwapInt32BigToHost(loca[index]);
             offset2 = CFSwapInt32BigToHost(loca[index + 1]);
         }
     } else {
         const UInt16 * loca = (const UInt16 *)CFDataGetBytePtr(tableData);
-        if (loca != NULL && length / 2 > arg2) {
+        if (loca != NULL && (index + 1) < (length / 2)) {
             offset1 = CFSwapInt16BigToHost(loca[index]) << 1;
             offset2 = CFSwapInt16BigToHost(loca[index + 1]) << 1;
         }
@@ -792,7 +798,7 @@
         if (tableData == NULL) return FALSE;
         length = CFDataGetLength(tableData);
         const UInt8 * ptr = CFDataGetBytePtr(tableData);
-        if (ptr != NULL && length > (offset1 + 10)) {
+        if (ptr != NULL && (offset1 + 10) < length) {
             const SInt16 * glyf = (const SInt16 *)(ptr + offset1);
             /*
              * CFSwapInt16BigToHost returns an unsigned short, need
--- a/modules/media/src/main/native/gstreamer/3rd_party/glib/glib-2.28.8/glib/gstrfuncs.c	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/media/src/main/native/gstreamer/3rd_party/glib/glib-2.28.8/glib/gstrfuncs.c	Wed Jul 02 10:24:55 2014 -0700
@@ -550,6 +550,10 @@
       char *copy;
 
       copy = g_malloc (end - (char *)nptr + 1);
+#ifdef GSTREAMER_LITE
+      if (copy == NULL)
+        return 0;
+#endif
       memcpy (copy, nptr, end - nptr);
       *(copy + (end - (char *)nptr)) = 0;
 
--- a/modules/media/src/main/native/gstreamer/gstreamer-lite/gst-plugins-good/gst/isomp4/qtdemux.c	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/media/src/main/native/gstreamer/gstreamer-lite/gst-plugins-good/gst/isomp4/qtdemux.c	Wed Jul 02 10:24:55 2014 -0700
@@ -5893,6 +5893,9 @@
     gint i, count;
     guint64 time, stime;
     guint8 *buffer;
+#ifdef GSTREAMER_LITE
+    guint32 buffer_length;
+#endif
 
     GST_DEBUG_OBJECT (qtdemux, "looking for edit list");
     if (!(elst = qtdemux_tree_get_child_by_type (edts, FOURCC_elst)))
@@ -5905,10 +5908,18 @@
     /* we might allocate a bit too much, at least allocate 1 segment */
 #ifdef GSTREAMER_LITE
     n_segments = MAX (n_segments, 1);
-    if (n_segments < G_MAXSIZE / sizeof(QtDemuxSegment))
-        stream->segments = g_new (QtDemuxSegment, n_segments);
-    else
+      
+    if (n_segments < G_MAXSIZE / sizeof(QtDemuxSegment)) {
+        stream->segments = g_try_malloc (sizeof(QtDemuxSegment) * n_segments);
+          
+        if (stream->segments == NULL) {
+            return FALSE;
+        }
+        
+        buffer_length = QT_UINT32 (buffer);
+    } else {
         return FALSE;
+    }
 #else
     stream->segments = g_new (QtDemuxSegment, MAX (n_segments, 1));
 #endif // GSTREAMER_LITE
@@ -5923,6 +5934,62 @@
       QtDemuxSegment *segment;
       guint32 rate_int;
 
+#ifdef GSTREAMER_LITE
+        guint32 idx;
+        
+        idx = 20 + i * 12;
+        
+        if (idx <= buffer_length - 4) {
+            media_time = QT_UINT32 (buffer + idx);
+            
+            /* -1 media time is an empty segment, just ignore it */
+            if (media_time == G_MAXUINT32) {
+                continue;
+            }
+        } else {
+            return FALSE;
+        }
+        
+        idx = 16 + i * 12;
+        
+        if (idx <= buffer_length - 4) {
+            duration = QT_UINT32 (buffer + idx);
+        } else {
+            return FALSE;
+        }
+        
+        segment = &stream->segments[count++];
+        
+        /* time and duration expressed in global timescale */
+        segment->time = stime;
+        /* add non scaled values so we don't cause roundoff errors */
+        time += duration;
+        stime = gst_util_uint64_scale (time, GST_SECOND, qtdemux->timescale);
+        segment->stop_time = stime;
+        segment->duration = stime - segment->time;
+        /* media_time expressed in stream timescale */
+        segment->media_start =
+        gst_util_uint64_scale (media_time, GST_SECOND, stream->timescale);
+        segment->media_stop = segment->media_start + segment->duration;
+        
+        idx = 24 + i * 12;
+        
+        if (idx <= buffer_length - 4) {
+            rate_int = GST_READ_UINT32_BE (buffer + idx);
+            
+            if (rate_int <= 1) {
+                /* 0 is not allowed, some programs write 1 instead of the floating point
+                 * value */
+                GST_WARNING_OBJECT (qtdemux, "found suspicious rate %" G_GUINT32_FORMAT,
+                                    rate_int);
+                segment->rate = 1;
+            } else {
+                segment->rate = rate_int / 65536.0;
+            }
+        } else {
+            return FALSE;
+        }
+#else
       media_time = QT_UINT32 (buffer + 20 + i * 12);
 
       /* -1 media time is an empty segment, just ignore it */
@@ -5955,7 +6022,8 @@
       } else {
         segment->rate = rate_int / 65536.0;
       }
-
+#endif
+        
       GST_DEBUG_OBJECT (qtdemux, "created segment %d time %" GST_TIME_FORMAT
           ", duration %" GST_TIME_FORMAT ", media_time %" GST_TIME_FORMAT
           ", rate %g, (%d)", i, GST_TIME_ARGS (segment->time),
--- a/modules/media/src/main/native/jfxmedia/jni/JavaInputStreamCallbacks.cpp	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/media/src/main/native/jfxmedia/jni/JavaInputStreamCallbacks.cpp	Wed Jul 02 10:24:55 2014 -0700
@@ -31,7 +31,6 @@
 #include <string.h>
 #endif // TARGET_OS_LINUX
 
-bool      CJavaInputStreamCallbacks::m_areJMethodIDsInitialized = false;
 jfieldID  CJavaInputStreamCallbacks::m_BufferFID = 0;
 jmethodID CJavaInputStreamCallbacks::m_NeedBufferMID = 0;
 jmethodID CJavaInputStreamCallbacks::m_ReadNextBlockMID = 0;
@@ -70,9 +69,13 @@
         return false;
     }
 
-    if (!m_areJMethodIDsInitialized)
+    static bool methodIDsInitialized = false;
+    if (!methodIDsInitialized)
     {
-        jclass klass = env->GetObjectClass(m_ConnectionHolder);
+        // Get the parent abstract class. It's wrong to get method ids from the concrete implementation
+        // because it crashes jvm when it tries to call virtual methods. 
+        // See https://javafx-jira.kenai.com/browse/RT-37115
+        jclass klass = env->FindClass("com/sun/media/jfxmedia/locator/ConnectionHolder"); 
 
         m_BufferFID = env->GetFieldID(klass, "buffer", "Ljava/nio/ByteBuffer;");
         m_NeedBufferMID = env->GetMethodID(klass, "needBuffer", "()Z");
@@ -85,7 +88,7 @@
         m_PropertyMID = env->GetMethodID(klass, "property", "(II)I");
         m_GetStreamSizeMID = env->GetMethodID(klass, "getStreamSize", "()I");
 
-        m_areJMethodIDsInitialized = true;
+        methodIDsInitialized = true;
         env->DeleteLocalRef(klass);
     }
 
--- a/modules/media/src/main/native/jfxmedia/jni/JavaInputStreamCallbacks.h	Wed Jul 02 07:51:48 2014 -0700
+++ b/modules/media/src/main/native/jfxmedia/jni/JavaInputStreamCallbacks.h	Wed Jul 02 10:24:55 2014 -0700
@@ -52,7 +52,6 @@
     jobject          m_ConnectionHolder;
 
     JavaVM           *m_jvm;
-    static bool      m_areJMethodIDsInitialized;
     static jfieldID  m_BufferFID;
     static jmethodID m_NeedBufferMID;
     static jmethodID m_ReadNextBlockMID;