RFR: 8274929: Crash while reading specific clipboard content [v2]

Kevin Rushforth kcr at openjdk.java.net
Wed Nov 10 12:46:10 UTC 2021


On Wed, 10 Nov 2021 01:06:40 GMT, Kevin Rushforth <kcr at openjdk.org> wrote:

>> Then shouldn't we also not trust the data if `bufferSize` is larger than it needs to be? The documentation of `FILEGROUPDESCRIPTORA/W` says that `cItems` should correspond exactly to the number of items in the array that follows.
>
>> Then shouldn't we also not trust the data if bufferSize is larger than it needs to be?
> 
> Yes, that's a good point.
> 
> In order to avoid integer overflow, I'll probably leave the two existing tests, and add a third (or else do the test using a `jlong`). Something like this should work:
> 
> 
>                         jsize bufferSize = me.size() - sizeof(UINT);
>                         if ((pdata->cItems > 0) &&
>                             (bufferSize / pdata->cItems >= itemSize) &&
>                             (bufferSize == pdata->cItems * itemSize))
> 
> 
> I'll update this tomorrow.

Fixed. I decided it was cleaner to use `jlong` and just have the equality check.

-------------

PR: https://git.openjdk.java.net/jfx/pull/662
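
The size check discussed in this thread, as an added example that is not code from the PR or from OpenJFX: it compares a plain 32-bit equality, the three-test form from the quoted reply, and a widened 64-bit equality on a count-prefixed buffer. All function names are hypothetical, `uint32_t`/`int64_t` stand in for `UINT`/`jlong`, and the item size of 592 bytes is a constructed value.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed stand-ins: UINT -> uint32_t, jlong -> int64_t.
// kItemSize is a constructed per-item size, not a value from the PR.
constexpr uint32_t kItemSize = 592;

// Naive 32-bit equality: the product wraps, so a huge cItems can match a small payload.
bool naive_equal32(uint32_t payload, uint32_t cItems) {
    return payload == cItems * kItemSize;
}

// Three-test form from the quoted reply: the division bounds cItems first,
// so the 32-bit product cannot wrap once the second test has passed.
bool three_tests32(uint32_t payload, uint32_t cItems) {
    return cItems > 0 &&
           payload / cItems >= kItemSize &&
           payload == cItems * kItemSize;
}

// 64-bit form: widen before multiplying; one equality then covers both
// "too small" and "larger than it needs to be".
bool equal64(int64_t payload, uint32_t cItems) {
    return payload == static_cast<int64_t>(cItems) * kItemSize;
}

// Constructed buffer: a 4-byte count followed by payloadBytes of zeroed item data.
std::vector<uint8_t> make_buffer(uint32_t cItems, size_t payloadBytes) {
    std::vector<uint8_t> buf(sizeof(uint32_t) + payloadBytes, 0);
    std::memcpy(buf.data(), &cItems, sizeof cItems);
    return buf;
}

// Accept only if the declared count matches the bytes that follow exactly.
bool descriptor_ok(const std::vector<uint8_t>& buf) {
    if (buf.size() < sizeof(uint32_t)) return false;  // no room for the count
    uint32_t cItems;
    std::memcpy(&cItems, buf.data(), sizeof cItems);
    return equal64(static_cast<int64_t>(buf.size() - sizeof(uint32_t)), cItems);
}

int main() {
    // 0x10000001 * 592 wraps to 592 in 32 bits: one item's bytes, huge count.
    bool ok = naive_equal32(592, 0x10000001u) && !three_tests32(592, 0x10000001u) &&
              !descriptor_ok(make_buffer(0x10000001u, 592)) &&
              descriptor_ok(make_buffer(2, 2 * 592));
    return ok ? 0 : 1;
}
```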

