changeset in /hg/icedtea: 2007-11-22 Thomas Fitzsimmons <fitzs...

Wed Jan 16 07:09:30 PST 2008

changeset 6a1a185118fb in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=6a1a185118fb
description:
	2007-11-22  Thomas Fitzsimmons  <fitzsim at redhat.com>

		* rt/java/awt/color/ICC_Profile.java (ICC_Profile(byte[])): Remove
		duplicate ProfileHeader creation.
		* rt/gnu/java/awt/color/TagEntry.java
		(TagEntry(int,int,int,byte[])): Check for invalid tag size.

diffstat:

3 files changed, 12 insertions(+), 3 deletions(-)
ChangeLog                           |    7 +++++++
rt/gnu/java/awt/color/TagEntry.java |    4 ++++
rt/java/awt/color/ICC_Profile.java  |    4 +---

diffs (43 lines):

diff -r 794450907115 -r 6a1a185118fb ChangeLog

--- a/ChangeLog	Thu Nov 22 07:35:40 2007 -0500
+++ b/ChangeLog	Thu Nov 22 11:36:04 2007 -0500
@@ -1,3 +1,10 @@ 2007-11-22  Gary Benson  <gbenson at redhat
+2007-11-22  Thomas Fitzsimmons  <fitzsim at redhat.com>
+
+	* rt/java/awt/color/ICC_Profile.java (ICC_Profile(byte[])): Remove
+	duplicate ProfileHeader creation.
+	* rt/gnu/java/awt/color/TagEntry.java
+	(TagEntry(int,int,int,byte[])): Check for invalid tag size.
+
 2007-11-22  Gary Benson  <gbenson at redhat.com>
 
 	* ports/hotspot/src/cpu/ppc/vm/assembler_ppc.hpp
diff -r 794450907115 -r 6a1a185118fb rt/gnu/java/awt/color/TagEntry.java
--- a/rt/gnu/java/awt/color/TagEntry.java	Thu Nov 22 07:35:40 2007 -0500
+++ b/rt/gnu/java/awt/color/TagEntry.java	Thu Nov 22 11:36:04 2007 -0500
@@ -60,6 +60,10 @@ public class TagEntry
     this.signature = sig;
     this.offset = offset;
     this.size = size;
+    // Prevent invalid tag data from exhausting heap memory.  See
+    // <https://bugzilla.redhat.com/show_bug.cgi?id=318621>.
+    if (size > data.length)
+      throw new IllegalArgumentException("Invalid tag size.");
     this.data = new byte[size];
     System.arraycopy(data, offset, this.data, 0, size);
   }
diff -r 794450907115 -r 6a1a185118fb rt/java/awt/color/ICC_Profile.java
--- a/rt/java/awt/color/ICC_Profile.java	Thu Nov 22 07:35:40 2007 -0500
+++ b/rt/java/awt/color/ICC_Profile.java	Thu Nov 22 11:36:04 2007 -0500
@@ -328,10 +328,8 @@ public class ICC_Profile implements Seri
    */
   public static ICC_Profile getInstance(byte[] data)
   {
+    // get header and verify it
     ProfileHeader header = new ProfileHeader(data);
-
-    // get header and verify it
-    header = new ProfileHeader(data);
     header.verifyHeader(data.length);
 
     Hashtable tags = createTagTable(data);

