RFR: 8274929: Crash while reading specific clipboard content
Kevin Rushforth
kcr at openjdk.java.net
Wed Nov 10 01:09:37 UTC 2021
On Wed, 10 Nov 2021 00:53:24 GMT, Michael Strauß <mstrauss at openjdk.org> wrote:
> Then shouldn't we also not trust the data if bufferSize is larger than it needs to be?
Yes, that's a good point.
In order to avoid integer overflow, I'll probably leave the two existing tests, and add a third (or else do the test using a `jlong`). Something like this should work:
jsize bufferSize = me.size() - sizeof(UINT);
if ((pdata->cItems > 0) &&
(bufferSize / pdata->cItems >= itemSize) &&
(bufferSize == pdata->cItems * itemSize))
I'll update this tomorrow.
-------------
PR: https://git.openjdk.java.net/jfx/pull/662
More information about the openjfx-dev
mailing list