Integrated: 8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class

[Sergey Bylokhov]

On Fri, 2 Apr 2021 23:02:50 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

> Description of the new version of the fix:
> While I have worked on this change and tried to consider the comments, I have found that the usages of the "safeAdd/safeMult" in the LCMSImageLayout class are incorrect. Both methods are based on the "Math" versions but throw a different exception. The problem is that its implementation may accept the negative values during intermediate calculation, see the old implementation of "[verify](https://github.com/openjdk/jdk/blob/139615b1815d4afd3593536d83fa8b25430f35e7/src/java.desktop/share/classes/sun/java2d/cmm/lcms/LCMSImageLayout.java#L343)" method:
>  1. We check the "offset" value: 0 <= offset <  dataArrayLength
>  2. We do some intermediate calculations that "accept" negative values
>  3. We check the final "off" value: 0 <= offset <  dataArrayLength
> 
> I wondered is it possible to provide some data that using wrong/negative data at step2 may result in the correct check at step3. I spent some time and was able to reproduce the problem with the attached test case. Note that the test is a little bit cryptic since it is not possible to reproduce it by input image data.
> 
> Note: I have removed all cleanup from the fix, to make it simpler.
> 
> <======>
> Description of the old version of the fix:
> - The hand-crafted methods for addition and multiplication are replaced by the "Math" versions.
> - Cleanup: the usage of do/while(false) is removed

This pull request has now been integrated.

Changeset: 40f19c01
Author:    Sergey Bylokhov <serb at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/40f19c014fed37b09db409cb9507f68f5011f139
Stats:     195 lines in 2 files changed: 169 ins; 15 del; 11 mod

8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class

Reviewed-by: prr

-------------

PR: https://git.openjdk.java.net/jdk/pull/3333