OpenJDK / amber / amber
changeset 4202:20061d84dd36
6872357: JRE AWT setDifflCM vulnerable to Stack Overflow
Reviewed-by: prr, hawtin
author | bae |
---|---|
date | Thu, 10 Sep 2009 12:50:09 +0400 |
parents | b3906ffdbcd6 |
children | 059fe9142d1c |
files | jdk/src/share/native/sun/awt/image/awt_ImageRep.c |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
--- a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c Thu Sep 10 12:26:34 2009 +0400
+++ b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c Thu Sep 10 12:50:09 2009 +0400
@@ -266,6 +266,13 @@
 jnewlut = (*env)->GetObjectField(env, jicm, g_ICMrgbID);
 mapSize = (*env)->GetIntField(env, jicm, g_ICMmapSizeID);
+ if (numLut < 0 || numLut > 256 || mapSize < 0 || mapSize > 256) {
+ /* Ether old or new ICM has a palette that exceeds capacity
+ of byte data type, so we have to convert the image data
+ to default representation.
+ */
+ return 0;
+ }
 srcLUT = (unsigned int *) (*env)->GetPrimitiveArrayCritical(env, jlut, NULL);
 if (srcLUT == NULL) {
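Review bot: The guard added before `GetPrimitiveArrayCritical` bounds `numLut` and `mapSize` by a bare `256`, but nothing in the hunk checks those counts against the actual lengths of `jlut` and `jnewlut`. The function body starts and ends outside the hunk, so this is inferred: if the later code indexes the arrays by these counts, a colour model whose size field is larger than its array would still be read out of bounds, and a check such as `if ((*env)->GetArrayLength(env, jlut) < numLut || (*env)->GetArrayLength(env, jnewlut) < mapSize) return 0;` (with both arrays known to be non-null) would cover that. The `256` would read better as a named constant shared with the fixed-size table it protects, and the comment should say why the limit exists, e.g. `/* Either old or new ICM has more entries than a byte index can address; fall back to the default representation. */`.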