Integrated: 8274929: Crash while reading specific clipboard content

[Kevin Rushforth]

On Tue, 9 Nov 2021 16:57:58 GMT, Kevin Rushforth <kcr at openjdk.org> wrote:

> This bug is caused by not sanity checking the data returned by a call to the Windows Clipboard `IDataObject::GetData` method. When requesting a file descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word of the returned data buffer is supposed to be the number of items that follow. Applications can put data on the clipboard in such a way that it will respond to a request to return the list of files from the clipboard with data that isn't formatted correctly, so we can't assume that the first word is a valid count.
> 
> The fix is to check the returned buffer size against the item count. I added a regression test that fails before and passes after the fix.

This pull request has now been integrated.

Changeset: effcc866
Author:    Kevin Rushforth <kcr at openjdk.org>
URL:       https://git.openjdk.java.net/jfx/commit/effcc86667f0ed7cf2899384fbc5fd97b8c9f7b5
Stats:     115 lines in 3 files changed: 111 ins; 0 del; 4 mod

8274929: Crash while reading specific clipboard content

Reviewed-by: mstrauss, arapte, pbansal

-------------

PR: https://git.openjdk.java.net/jfx/pull/662