RFR: 8319079: Missing range checks in decora
Kevin Rushforth
kcr at openjdk.org
Mon Oct 30 15:19:45 UTC 2023
On Mon, 30 Oct 2023 11:22:52 GMT, Nir Lisker <nlisker at openjdk.org> wrote:
>> In SW pipeline path of Box/Gaussian Blur/Shadow effects we are not checking for range when we read data from the source/destination buffers in native code.
>>
>> We need to add appropriate range checks in native JNI code also apart from range checks in Java side to make sure that wherever these JNI methods are used we are not performing out of bounds access.
>
> modules/javafx.graphics/src/main/native-decora/SSELinearConvolveShadowPeer.cc line 133:
>
>> 131: dstrows > srcrows) { // We should not move out of source vertical bounds
>> 132: return;
>> 133: }
>
> Instead of copy-pasting the same checks in all the missing places, isn't it better to create a check method (say in `SSEUtils`) and call if from all the places? Like in the style of `java.util.Objects::checkRange`.
If the checks are identical, that could be a useful change.
-------------
PR Review Comment: https://git.openjdk.org/jfx/pull/1272#discussion_r1376396004
More information about the openjfx-dev
mailing list