RFR(M): 8170525: Fix minor issues in awt coding

Vincent Ryan vincent.x.ryan at oracle.com
Wed Nov 30 13:52:30 UTC 2016 

Hello Goetz,

Please modify the bug summary to reference ECC too.
Your ECC changes look fine but the ‘Last Modified Date’ line in the 4 source code headers will need to be updated/added.

BTW p11_mutex.c is listed below but appears to be missing from the webrev.

Thanks.



> On 30 Nov 2016, at 13:12, Lindenmaier, Goetz <goetz.lindenmaier at sap.com> wrote:
> 
> Hi, 
>  
> I’d like to propose a row of smaller fixes where code is noted down a bit questionable.
> SAP’s quality process requires that we fix these in our internal delivery, and I
> Would like to share my fixes with openJdk.  Some of these fixes are of more
> theoretical nature as how I understand the code paths never allow the
> problematic situation, but fixing it nevertheless assures that nothing is
> overseen if the code changes.  Most changes are in  libawt_xawt, some
> are in libsunec.
>  
> I’d appreciate a review:
> http://cr.openjdk.java.net/~goetz/wr16/8170525-awt/webrev.01/ <http://cr.openjdk.java.net/~goetz/wr16/8170525-awt/webrev.01/>
>  
> Changes in detail:
> 
> awt_InputMethod.c: 
> 
> One might overrun the 100 byte fixed-size string statusWindow->status by copying text->string.multi_byte without checking the length. 
> 
> gtk3_interface.c: 
> 
> This less-than-zero comparison of an unsigned value is never true. 
> 
> Using uninitialized value color. Field color.alpha is uninitialized. 
> E.g. used at gtk3_interface.c:2287. 
> 
> XToolkit.c 
> 
> Using uninitialized value ret_timeout. 
> E.g. in XToolkit.c:6809. 
> 
> XWindow.c 
> 
> Argument is incompatible with corresponding format string conversion. 
> 
> splashscreen_sys.c 
> 
> Overflowed or truncated value (or a value computed from an overflowed or truncated value) (gdk_scale > 0) ? native_scale * (double)gdk_scale : native_scale used as return value. 
> 
> ec.c 
> 
> Using uninitialized value k.dp when calling mp_clear. 
> 
> ecdecode.c 
> 
> You might overrun the 291 byte fixed-size string genenc by copying curveParams->geny without checking the length. 
> Added sanity check before doing the string concatenation. 
> 
> ecl_mult.c 
> 
> Using uninitialized value kt.flag when calling *group->point_mul. (The function pointer resolves to ec_GF2m_pt_mul_mont.) 
> 
> mpi.c 
> 
> Using uninitialized value s. Field s.flag is uninitialized when calling s_mp_exch. 
> Using uninitialized value tmp. Field tmp.flag is uninitialized when calling s_mp_exch 
> Using uninitialized value t.dp when calling mp_clear. 
> 
> p11_mutex.c 
> 
> Using uninitialized value *ckpInitArgs. Field ckpInitArgs->flags is uninitialized when calling memcpy. 
> 
> 
> DataBufferNative.c 
> 
> Using uninitialized value lockInfo.rasBase when calling BN_GetPixelPointer. 
> 
> fontpath.c 
> 
> You might overrun the 512 byte fixed-size string fontDirPath by copying DirP->name[index] without checking the length.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20161130/99b25e14/attachment.htm>

More information about the security-dev mailing list