RFR: 8274929: Crash while reading specific clipboard content
Michael Strauß
mstrauss at openjdk.java.net
Wed Nov 10 00:56:36 UTC 2021
On Wed, 10 Nov 2021 00:31:05 GMT, Kevin Rushforth <kcr at openjdk.org> wrote:
>> modules/javafx.graphics/src/main/native-glass/win/GlassClipboard.cpp line 1307:
>>
>>> 1305: jsize bufferSize = me.size() - sizeof(UINT);
>>> 1306: if ((pdata->cItems > 0) &&
>>> 1307: (bufferSize / pdata->cItems >= itemSize))
>>
>> Instead of discarding all the data, have you considered reading `min(pdata->cItems, bufferSize / itemSize)` items?
>
> I thought about it, but since failing this test means that `cItems` is invalid, there is no reason to believe that the data that follows it is any less invalid.
Then shouldn't we also not trust the data if `bufferSize` is larger than it needs to be? The documentation of `FILEGROUPDESCRIPTORA/W` says that `cItems` should correspond exactly to the number of items in the array that follows.
-------------
PR: https://git.openjdk.java.net/jfx/pull/662
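
The three ways of treating an untrusted `cItems` raised in this thread (reject a count that claims more than the buffer holds, clamp to what fits, or require an exact match), as an added C example that is not part of the original message or of the JavaFX source. `ITEM_SIZE`, `items_to_read` and the policy names are hypothetical stand-ins, and the buffer layout is a constructed simplification: a 32-bit count followed by fixed-size items.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for sizeof(FILEDESCRIPTORA/W); constructed value, not the real size. */
#define ITEM_SIZE 16u

enum policy { AT_LEAST, CLAMP, EXACT };

/* Returns how many items may safely be read from a buffer laid out as
 * [uint32_t cItems][item 0][item 1]..., or 0 when the buffer is rejected. */
static uint32_t items_to_read(const uint8_t *buf, size_t len, enum policy p)
{
    uint32_t claimed;
    if (buf == NULL || len < sizeof claimed)
        return 0;                          /* too short to hold the count */
    memcpy(&claimed, buf, sizeof claimed); /* no unaligned read */
    if (claimed == 0)
        return 0;

    /* Divide instead of multiplying claimed * ITEM_SIZE, so a huge
     * count cannot wrap around and pass the check. */
    size_t fits = (len - sizeof claimed) / ITEM_SIZE;

    switch (p) {
    case AT_LEAST: /* reject only when the count claims more than fits */
        return claimed <= fits ? claimed : 0;
    case CLAMP:    /* read min(claimed, fits) items */
        return claimed <= fits ? claimed : (uint32_t)fits;
    case EXACT:    /* count must match the number of whole items present */
        return claimed == fits ? claimed : 0;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: room for 3 items, count field says 2. */
    uint8_t buf[sizeof(uint32_t) + 3 * ITEM_SIZE] = {0};
    uint32_t n = 2;
    memcpy(buf, &n, sizeof n);
    printf("at-least=%u clamp=%u exact=%u\n",
           (unsigned)items_to_read(buf, sizeof buf, AT_LEAST),
           (unsigned)items_to_read(buf, sizeof buf, CLAMP),
           (unsigned)items_to_read(buf, sizeof buf, EXACT));
    return 0;
}
```

Under all three policies the number of items read never exceeds what the buffer physically holds; they differ only in how much of a structurally inconsistent buffer is accepted.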