RFR: JDK-8311113: Remove invalid pointer cast and clean up setLabel() in awt_MenuItem.cpp [v3]
Alexey Ivanov
aivanov at openjdk.org
Wed Aug 30 20:49:27 UTC 2023
On Wed, 30 Aug 2023 18:40:57 GMT, Phil Race <prr at openjdk.org> wrote:
> > I would also add that the pointer saved to `mii.dwTypeData` becomes invalid as soon as `m->SetLabel(labelPtr)` returns because the code in `_SetLabel` releases the pointer `labelPtr`.
> > Essentially, this was the code flow in `_SetLabel`:
> > ```c++
> > LPCTSTR labelPtr = JNU_GetStringPlatformChars(env, label, 0);
> > m->SetLabel(labelPtr);
> > JNU_ReleaseStringPlatformChars(env, label, labelPtr);
> > ```
> >
> > If any code had dereferenced the pointer stored for a menu item in `dwTypeData`, the process would've crashed with access violation, or it could've led to a memory corruption.
>
> I don't think that's relevant. "mii" is stack allocated and the code does ::InsertMenuItem(hMenu, idx, TRUE, &mii);
>
> and this pattern occurs in other places too.
>
> So I conclude that - although it isn't documented SFAICS - that GDI deep copies what it needs out of the struct.
Yes, I was wrong. I realised it later after I looked at the docs more.
The description of the [MENUITEMINFOW](https://learn.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-menuiteminfow) says, <q cite="https://learn.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-menuiteminfow">To retrieve a menu item of type MFT_STRING, first find the size of the string by setting the dwTypeData member of MENUITEMINFO to NULL and then calling GetMenuItemInfo.</q> This implies the menu string is stored in the Window Manager.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15276#issuecomment-1699816660
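The ownership question the thread turns on (does the callee keep the borrowed `dwTypeData` pointer, or copy the string out before `_SetLabel` releases it?) can be modelled without Win32. The following is an added example and not code from the JDK or from either participant: `PlatformCharPool` is a hypothetical stand-in for `JNU_GetStringPlatformChars`/`JNU_ReleaseStringPlatformChars` that reuses and poisons its buffer on release, `RetainingItem` keeps the raw pointer (the hazard raised in the first message), and `CopyingItem` copies into owned storage (the behaviour the thread concludes `InsertMenuItem` has). `setLabelAndReadBack` mirrors the quoted borrow/SetLabel/release flow.

```cpp
// Added example (not JDK code): which callee survives the borrowed buffer being released?
#include <cassert>
#include <cstring>
#include <string>

// Hypothetical stand-in for JNU_GetStringPlatformChars / JNU_ReleaseStringPlatformChars.
// It hands out one scratch buffer and poisons it on release, so a dangling pointer
// is observable deterministically instead of through undefined behaviour.
struct PlatformCharPool {
    char scratch[64];
    bool inUse = false;

    const char* get(const std::string& s) {
        assert(!inUse && "borrow while a previous borrow is still outstanding");
        inUse = true;
        std::strncpy(scratch, s.c_str(), sizeof scratch - 1);
        scratch[sizeof scratch - 1] = '\0';
        return scratch;
    }
    void release(const char* p) {
        assert(p == scratch && "releasing a pointer this pool did not hand out");
        inUse = false;
        std::memset(scratch, 'X', sizeof scratch - 1);  // poison: buffer is no longer ours
        scratch[sizeof scratch - 1] = '\0';
    }
};

// Unsafe callee: retains the borrowed pointer, so it dangles once the caller releases it.
struct RetainingItem {
    const char* label = nullptr;
    void SetLabel(const char* p) { label = p; }
};

// Safe callee: copies out of the borrowed buffer into storage it owns,
// which is what the thread concludes the Window Manager does with dwTypeData.
struct CopyingItem {
    std::string label;
    void SetLabel(const char* p) { label = p; }
};

// Mirrors the _SetLabel flow quoted in the thread: borrow, SetLabel, release,
// then report what the item actually holds after the release.
template <typename Item>
std::string setLabelAndReadBack(Item& item, const std::string& text, PlatformCharPool& pool) {
    const char* labelPtr = pool.get(text);
    item.SetLabel(labelPtr);
    pool.release(labelPtr);          // from here on labelPtr must not be used
    return std::string(item.label);
}

std::string retainedLabelAfterRelease(const std::string& text) {
    PlatformCharPool pool;
    RetainingItem item;
    return setLabelAndReadBack(item, text, pool);  // returns the poison pattern, not text
}

std::string copiedLabelAfterRelease(const std::string& text) {
    PlatformCharPool pool;
    CopyingItem item;
    return setLabelAndReadBack(item, text, pool);  // returns text unchanged
}
```

The copying item reads back the label intact; the retaining item reads back the poison pattern, which is the "access violation or memory corruption" case in a form that a unit test can pin down. When reviewing code that passes a temporary buffer to an API, the question to settle from the API's documentation is exactly this one: copy-out (safe to release immediately) or retain (the buffer must outlive the consumer).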