RFR: 8274939: Incorrect size of the pixel storage is used by the robot on macOS

Phil Race prr at openjdk.java.net
Fri Jan 28 04:06:11 UTC 2022


On Fri, 28 Jan 2022 01:13:56 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

> > ```
> > * I still see a need for a safety check in native code
> > ```
> 
> 
> I can add some check but which one? In the native we should use the bounds we passed from the Java side; the problem is that we pass "1 * scale" = "scale", but allocate the array as "new int[1]", so this is an issue on the Java side in the changed method.
Isn't the over-run supposed to be here:

JNIEXPORT void JNICALL
Java_sun_lwawt_macosx_CRobot_nativeGetScreenPixels
    (JNIEnv *env, jobject peer,
     jint x, jint y, jint width, jint height, jdouble scale, jintArray pixels)



    void *jPixelData = (*env)->GetPrimitiveArrayCritical(env, pixels, 0);

    CGContextRef jPicContextRef = CGBitmapContextCreate(
                                            jPixelData,
                                            picWidth, picHeight,
                                            8, picWidth * sizeof(jint),
                                            picColorSpace,
                                            kCGBitmapByteOrder32Host |
                                            kCGImageAlphaPremultipliedFirst);

And the Apple docs at https://developer.apple.com/documentation/coregraphics/1455939-cgbitmapcontextcreate/ say
about the 1st parameter:

Data

    A pointer to the destination in memory where the drawing is to be rendered. The size of this memory block should be at least (bytesPerRow*height) bytes.

and picWidth * sizeof(jint) is bytes per row.
So if the Java array pixels is just one int (4 bytes) and we have a scale of 2, when it needs to be 4 ints (16 bytes), we'd have the over-run?
Then why can't we just make sure (*env)->GetArrayLength(env, pixels) >= picWidth * picHeight?

-------------

PR: https://git.openjdk.java.net/jdk/pull/5864
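One way to implement the GetArrayLength() check suggested above, as an added example that is not code from the JDK or from this PR. The JNI types are stand-ins declared so the snippet compiles without <jni.h>, and the rounding of width * scale up to picWidth is an assumption about how the caller derives the backing-store size (the page does not show that computation). The check also forms the picWidth * picHeight product in 64 bits so a large capture cannot wrap the comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the JNI types used by CRobot, declared here only so this
 * example compiles without <jni.h> (assumption: same widths as real JNI). */
typedef int32_t jint;
typedef int32_t jsize;
typedef double  jdouble;

/* Hypothetical helper: derive the backing-store size from the logical
 * width/height and the HiDPI scale. Rounds up, so a fractional scale never
 * yields a context smaller than the area that will be drawn. Returns false
 * for nonsensical input (non-positive size, NaN/negative/huge scale). */
static bool scaled_dimensions(jint width, jint height, jdouble scale,
                              jint *picWidth, jint *picHeight)
{
    if (width <= 0 || height <= 0 || !(scale > 0.0))   /* NaN fails > 0.0 */
        return false;
    double w = (double)width  * scale;
    double h = (double)height * scale;
    if (!(w <= (double)INT32_MAX) || !(h <= (double)INT32_MAX)) /* also rejects +inf */
        return false;
    jint pw = (jint)w, ph = (jint)h;
    if ((double)pw < w) pw++;      /* manual ceil(), no libm needed */
    if ((double)ph < h) ph++;
    *picWidth  = pw;
    *picHeight = ph;
    return true;
}

/* The check proposed above: CGBitmapContextCreate() will write
 * bytesPerRow * height = picWidth * sizeof(jint) * picHeight bytes into
 * jPixelData, so the Java int[] must hold at least picWidth * picHeight
 * elements. The product is formed in 64 bits so that a large width/height
 * cannot wrap around to a small value and slip past the comparison. */
static bool pixel_buffer_fits(jsize arrayLength, jint picWidth, jint picHeight)
{
    if (arrayLength < 0 || picWidth <= 0 || picHeight <= 0)
        return false;
    int64_t needed = (int64_t)picWidth * (int64_t)picHeight;
    return (int64_t)arrayLength >= needed;
}

/* Mirrors the relevant arguments of nativeGetScreenPixels: true means an
 * array of arrayLength ints (what GetArrayLength() would report) can safely
 * back the bitmap context for this capture. */
bool robot_capture_bounds_ok(jsize arrayLength, jint width, jint height,
                             jdouble scale)
{
    jint pw, ph;
    if (!scaled_dimensions(width, height, scale, &pw, &ph))
        return false;
    return pixel_buffer_fits(arrayLength, pw, ph);
}

int main(void)
{
    /* The case from the discussion: a 1x1 capture at scale 2 handed a
     * "new int[1]" array (1 int, 4 bytes) when 4 ints (16 bytes) are needed. */
    printf("int[1], 1x1 @ 2.0 -> %s\n",
           robot_capture_bounds_ok(1, 1, 1, 2.0) ? "ok" : "REJECT");
    printf("int[4], 1x1 @ 2.0 -> %s\n",
           robot_capture_bounds_ok(4, 1, 1, 2.0) ? "ok" : "REJECT");
    return 0;
}
```

In the real function the rejection branch would release the critical array and throw (or return) before CGBitmapContextCreate() is ever called; the point is that the native side validates against the array length it can see, rather than trusting that the Java caller sized the array for the scale.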


