RFR: 8269630: Bad clipboard data causes JVM to crash

[Ambarish Rapte]

On Fri, 5 Dec 2025 13:43:45 GMT, Lukasz Kostyra <lkostyra at openjdk.org> wrote:

> This commit fixes the JVM crash caused by bad Clipboard data on Linux.
> 
> On Windows the Clipboard is a bit more generic in how it operates - even if the MIME type mismatches, the Clipboard will accept any object and then return it. GTK is less generic in this regard (at least our Glass implementation) so for cases like text it requires us to fetch the String contents and set those directly onto the Clipboard.
> 
> Moreover, `ClipboardContent` is simply an extension of `HashMap` which exposes `put()` and lets us assign whatever object we want to whatever MIME type we want. As such, if we follow the example code from the JDK issue, we would try to fetch String contents from something that is not a String, causing SIGSEGV.
> 
> Fix was done by type-checking incoming `ClipboardContent` data. I saw that this can also happen in other content types than text, so I guarded those as well. If types are not what we expect them to be, the attempt to update the System Clipboard is silently discarded and the crash is avoided. According to my manual testing, as long as data types are correct everything seems to work fine.
> 
> As a side-note, this also shows there is discrepancy in how `Clipboard` operates between platforms. We should unify that behavior, but that is a larger task which will be solved under [JDK-8373090](https://bugs.openjdk.org/browse/JDK-8373090).

Observation: On Mac, The test program results in below exception


DelayedCallback not implemented yet: JDK-8091740
java.lang.Exception: Stack trace
	at java.base/java.lang.Thread.dumpStack(Thread.java:2018)
	at javafx.graphics at 26-internal/com.sun.glass.ui.mac.MacSystemClipboard.pushToSystem(MacSystemClipboard.java:157)
	at javafx.graphics at 26-internal/com.sun.glass.ui.SystemClipboard.flush(SystemClipboard.java:51)
	at javafx.graphics at 26-internal/com.sun.glass.ui.ClipboardAssistance.flush(ClipboardAssistance.java:59)
	at javafx.graphics at 26-internal/com.sun.javafx.tk.quantum.QuantumClipboard.putContent(QuantumClipboard.java:630)
	at javafx.graphics at 26-internal/javafx.scene.input.Clipboard.setContent(Clipboard.java:244)
	at Abort1$1.run(Abort1.java:24)
	at javafx.graphics at 26-internal/com.sun.javafx.application.PlatformImpl.lambda$runLater$0(PlatformImpl.java:424)
	at javafx.graphics at 26-internal/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)


As you pointed, that can be matched/changed when the behavior is unified.

modules/javafx.graphics/src/main/native-glass/gtk/GlassSystemClipboard.cpp line 202:

> 200:         if (jurl != NULL && mainEnv->IsInstanceOf(jurl, jStringCls)) {
> 201:             url = getUTF(mainEnv, jurl);
> 202:         }

May be the type casting to `jstring` on line 198 be removed, as there is no guarantee that returned object is jstring, and may be change type of `jurl` to `jobject`
similarly line no 235.

-------------

PR Review: https://git.openjdk.org/jfx/pull/1999#pullrequestreview-3550760783
PR Review Comment: https://git.openjdk.org/jfx/pull/1999#discussion_r2597570409