RFR: 8274939: Incorrect size of the pixel storage is used by the robot on macOS
Phil Race
prr at openjdk.java.net
Fri Jan 28 04:06:11 UTC 2022
On Fri, 28 Jan 2022 01:13:56 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
> > * I still see a need for a safety check in native code
>
> I can add some check but which one? In the native we should use the bounds we passed from java side, the problem is that we pass "1 * scale" = "scale", but allocate the array as "new int[1]" so this is an issue on the java side in the changed method.
Isn't the over-run supposed to be here:

```c
JNIEXPORT void JNICALL
Java_sun_lwawt_macosx_CRobot_nativeGetScreenPixels
    (JNIEnv *env, jobject peer,
     jint x, jint y, jint width, jint height, jdouble scale, jintArray pixels)
{
    /* ... */
    void *jPixelData = (*env)->GetPrimitiveArrayCritical(env, pixels, 0);
    CGContextRef jPicContextRef = CGBitmapContextCreate(
        jPixelData,
        picWidth, picHeight,
        8, picWidth * sizeof(jint),
        picColorSpace,
        kCGBitmapByteOrder32Host |
        kCGImageAlphaPremultipliedFirst);
    /* ... */
```
And then the apple docs at https://developer.apple.com/documentation/coregraphics/1455939-cgbitmapcontextcreate/ say about the 1st parameter:

> Data
> A pointer to the destination in memory where the drawing is to be rendered. The size of this memory block should be at least (bytesPerRow*height) bytes.

and `picWidth * sizeof(jint)` is bytes per row.

So if the Java array `pixels` is just one int (4 bytes) and we have a scale of 2, when it needs to be 4 ints (16 bytes), we'd have the over-run?

Then why can't we just make sure `(*env)->GetArrayLength(env, pixels) >= picWidth * picHeight`??
-------------
PR: https://git.openjdk.java.net/jdk/pull/5864
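The following is an added illustration of the safety check discussed in this thread; it is not code from the JDK or from either participant. It compiles without `jni.h` by using stand-in typedefs for `jint`, `jsize` and `jdouble`, a plain `array_len` argument stands in for `(*env)->GetArrayLength(env, pixels)`, and the helper names (`scaled_dimension`, `required_pixel_count`, `pixel_array_is_large_enough`) and the `logical * scale` arithmetic are assumptions made for the example, not CRobot's actual code. It replays the 1x1-request-at-scale-2 case from the mail and refuses the 1-element array while accepting the 4-element one, with an overflow guard on the `width * height * sizeof(jint)` byte count that the bare comparison in the mail would not have.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the JNI types so this compiles without jni.h (assumption:
 * the real CRobot code uses the jni.h definitions). */
typedef int32_t jint;
typedef int32_t jsize;
typedef double  jdouble;

/* Scaled bitmap dimension. Assumption: the native side derives the backing
 * store size as logical * scale; the mail gives 1 * 2 -> 2 as its example. */
jint scaled_dimension(jint logical, jdouble scale) {
    return (jint)(logical * scale);
}

/* Number of jint slots CGBitmapContextCreate may write for a context of
 * picWidth x picHeight with bytesPerRow = picWidth * sizeof(jint), i.e.
 * (bytesPerRow * height) / sizeof(jint). Returns 0 for non-positive
 * dimensions or if the byte count would not fit in size_t. */
size_t required_pixel_count(jint picWidth, jint picHeight) {
    if (picWidth <= 0 || picHeight <= 0) {
        return 0;
    }
    size_t w = (size_t)picWidth;
    size_t h = (size_t)picHeight;
    if (w > SIZE_MAX / h) {                 /* w * h would overflow */
        return 0;
    }
    if (w * h > SIZE_MAX / sizeof(jint)) {  /* byte count would overflow */
        return 0;
    }
    return w * h;
}

/* The guard proposed in the mail: only hand the array to CGBitmapContextCreate
 * if it holds at least picWidth * picHeight ints. array_len stands in for
 * (*env)->GetArrayLength(env, pixels). */
bool pixel_array_is_large_enough(jsize array_len, jint picWidth, jint picHeight) {
    size_t need = required_pixel_count(picWidth, picHeight);
    if (need == 0 || array_len < 0) {
        return false;
    }
    return (size_t)array_len >= need;
}

/* Replays the case from the mail: a 1x1 request at scale 2 backed by a
 * 1-element array (the bug), then by the 4-element array it actually needs. */
int main(void) {
    jint width = 1, height = 1;
    jdouble scale = 2.0;
    jint picWidth  = scaled_dimension(width, scale);
    jint picHeight = scaled_dimension(height, scale);
    size_t need = required_pixel_count(picWidth, picHeight);

    printf("bitmap %dx%d needs %zu ints (%zu bytes)\n",
           (int)picWidth, (int)picHeight, need, need * sizeof(jint));

    jsize lengths[] = { 1, 4 };   /* constructed sample array sizes */
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        bool ok = pixel_array_is_large_enough(lengths[i], picWidth, picHeight);
        printf("new int[%d]: %s\n", (int)lengths[i],
               ok ? "ok to draw into" : "too small, would over-run, abort");
    }
    return 0;
}
```

The comparison is done in ints on both sides, matching `GetArrayLength`, which reports elements rather than bytes; in the real JNI function the natural response to a failed check is to release the array and return (or throw) before `CGBitmapContextCreate` is ever called.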