RFR: 8365609: Fix several potential NULL native pointer dereferences in the desktop module [v2]
Alexander Zvegintsev
azvegint at openjdk.org
Thu Aug 28 12:50:47 UTC 2025
On Mon, 25 Aug 2025 13:26:10 GMT, Artem Semenov <asemenov at openjdk.org> wrote:
>> The defect has been detected and confirmed in the function OGLBlitToSurfaceViaTexture() located in the file src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c with static code analysis. This defect can potentially lead to a null pointer dereference.
>>
>> The pointer pf is dereferenced in line 324 without checking for nullptr, although earlier in line 274 the same pointer is checked for nullptr, which indicates that it can be null.
>>
>> In the same file, line 551 calls OGLBlitToSurfaceViaTexture() from line 263, where NULL is passed in place of pf.
>> All other calls are fine.
>>
>> Also, another function with a similar issue from the same file, OGLBlitSwToTexture() from line 396.
>>
>> In src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()
>> The pointer fp_glib_check_version can be null, but it is dereferenced without any check. Although in the same file, for example, line 280 contains a check, this check does not lead to termination of execution.
>>
>>
>> In src/java.desktop/share/native/libsplashscreen/splashscreen_gif.c SplashDecodeGif()
>> The pointer colorMap is dereferenced after it has been checked against nullptr in lines 151 and 206. Moreover, between these checks and the mentioned location (line 282), the pointer is not modified in any way.
>>
>> According to [this](https://github.com/openjdk/jdk/pull/26002#issuecomment-3023050372) comment, this PR contains fixes for similar cases in other places.
>
> Artem Semenov has updated the pull request incrementally with two additional commits since the last revision:
>
> - Updated fix for src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()
> - Revert "The same issue is present in src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()"
>
> This reverts commit a369e3af3abb11eb1163c1ea461e1558b8838551.
src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c line 325:
> 323: sy, srcInfo->scanStride);
> 324: if (pf != NULL) {
> 325: if (slowPath) {
The current indentation does seem to be off.
        GLvoid *pSrc = PtrCoord(srcInfo->rasBase,
                                sx, srcInfo->pixelStride,
                                sy, srcInfo->scanStride);
        if (pf) {
            if (slowPath) {
                jint tmph = sh;
                while (tmph > 0) {
                    ...
The same applies to the other added if statement.
src/java.desktop/share/native/libsplashscreen/splashscreen_gif.c line 283:
> 281:
> 282: if (((colorMap != NULL) && (colorMap->Colors != NULL)) &&
> 283: (transparentColor < 0)) {
Suggestion:
    if (colorMap != NULL &&
        colorMap->Colors != NULL &&
        transparentColor < 0) {
or even
Suggestion:
    if (colorMap &&
        colorMap->Colors &&
        transparentColor < 0) {
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26799#discussion_r2307305381
PR Review Comment: https://git.openjdk.org/jdk/pull/26799#discussion_r2307278440
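The two guards discussed in this thread (an optional pixel-format pointer that one caller passes as NULL, and a colour map whose Colors array may be absent) are shown below in a self-contained C example. This is an added illustration, not code from the JDK or from the PR: the structs, field names and function names (OGLPixelFormat.format, RasterInfo.height, ColorMapObject.Colors, blit_via_texture, needs_transparent_color) are stand-ins constructed for the example and are not the real java.desktop definitions.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-ins for the JDK structures. Field names are
 * assumptions for this example, not the real OGLPixelFormat /
 * ColorMapObject definitions. */
typedef struct {
    int format;          /* GL format enum; 0 means "unknown" here */
} OGLPixelFormat;

typedef struct {
    int height;
} RasterInfo;

typedef struct {
    int  ColorCount;
    int *Colors;         /* may be NULL when no palette was decoded */
} ColorMapObject;

/* Stand-in for the OGLBlitToSurfaceViaTexture() path: pf is optional,
 * because one caller in the PR passes NULL for it. Returns the number
 * of tile uploads that would be issued, or -1 when pf is absent or
 * unusable and the texture path has to be skipped. Every pf-> access
 * sits inside the single guard, the shape the review asks for. */
int blit_via_texture(const OGLPixelFormat *pf, const RasterInfo *src,
                     bool slowPath, int tileHeight)
{
    if (src == NULL || tileHeight <= 0) {
        return -1;
    }
    int uploads = -1;
    if (pf) {
        if (pf->format == 0) {        /* safe: pf is non-NULL here */
            return -1;
        }
        if (slowPath) {
            int tmph = src->height;
            uploads = 0;
            while (tmph > 0) {        /* one upload per tile row */
                tmph -= tileHeight;
                uploads++;
            }
        } else {
            uploads = 1;              /* single full-size upload */
        }
    }
    return uploads;
}

/* Stand-in for the SplashDecodeGif() check. Returns true when the caller
 * must pick a transparent colour index itself: a palette exists and no
 * transparent index was supplied. The operand order is the point: with
 * "colorMap->Colors && colorMap" the NULL case would crash before the
 * second operand is ever reached. */
bool needs_transparent_color(const ColorMapObject *colorMap, int transparentColor)
{
    return colorMap &&
           colorMap->Colors &&
           transparentColor < 0;
}
```

The short-circuit order in needs_transparent_color is what makes the two-line spelling of the check safe; a NULL colorMap returns false from the first operand and colorMap->Colors is never evaluated.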
More information about the client-libs-dev mailing list