<Sound Dev> RFR: 8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7

Alexander Zuev kizune at openjdk.java.net
Mon Nov 9 23:58:55 UTC 2020


On Mon, 9 Nov 2020 20:17:44 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

> JavaSound supports the special system exclusive message (SysexMessage). 
> 
> An important part of the spec:
> 
>> Data of a system exclusive message should be stored in the data array of a {@code SysexMessage} as follows: the system exclusive message status byte (0xF0 or 0xF7), all message data bytes, and finally the end-of-exclusive flag (0xF7):
>> 
>> The first {@code SysexMessage} object containing data for a particular system
>> exclusive message should have the status value 0xF0. If this message contains
>> all the system exclusive data for the message, it should end with the status
>> byte 0xF7 (EOX). Otherwise, additional system exclusive data should be sent
>> in one or more {@code SysexMessages} with a status value of 0xF7. The
>> {@code SysexMessage} containing the last of the data for the system exclusive
>> message should end with the value 0xF7 (EOX) to mark the end of the system
>>  exclusive message.
> 
> In short, the text above can be represented by these examples:
> 1. Simple case: `SysexMessage{0xF0, some_data, 0xF7}`
> 2. "Continuation" sysex messages: `SysexMessage{0xF0,some_data}, SysexMessage{0xF7,some_data}, SysexMessage{0xF7,some_data}, SysexMessage{0xF7,some_data, 0xF7}`.
> 
> 
> Note that in the second case above, the `SysexMessage{0xF7,some_data}` is named a "continuation" sysex message.
> Usually, when we create a sysex message we carefully calculate the size of the message before sending it to the native code, but the "continuation" sysex messages were implemented in 2003 directly in native code after all checks are done, and it just skips the status byte and tries to push nonexistent data to the native device.
> 
> So the culprit is in the message like this:
> `SysexMessage{0xF0,some_data}, SysexMessage{0xF7}.`
> 
> The code assumes that the second message is a "continuation", but it is not; it just ends the previous message.
> 
> After the fix, we will not consider the 0xF7 as a continuation if there is no data after it.

Marked as reviewed by kizune (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/1135
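The following is an added illustration, not code from the JDK, from the PR, or from either author. It models in C the classification the native sender needs for a SysexMessage-shaped buffer (status byte first, data, optional trailing 0xF7): the javadoc's simple and "continuation" layouts, plus the culprit from the report, a bare `{0xF7}` that only terminates the previous message. The names `classify_sysex`, `midi_wire`, `wire_push` and `wire_is_terminated` are this example's own, and the "device" is just a byte buffer standing in for the native output, so a zero-length continuation here is harmless rather than a memory error; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Status bytes from the MIDI specification, as quoted in the SysexMessage javadoc. */
#define SYSEX_START 0xF0   /* start of a system exclusive message */
#define SYSEX_EOX   0xF7   /* end of exclusive; also the status of a "continuation" SysexMessage */

/* Hypothetical classification of one SysexMessage-shaped buffer (status byte first).
 * These names are this example's own, not the JDK's. */
enum sysex_kind {
    SYSEX_INVALID = 0,   /* empty, or the first byte is not 0xF0/0xF7 */
    SYSEX_FIRST,         /* 0xF0 + data, no trailing EOX: more SysexMessages follow */
    SYSEX_COMPLETE,      /* 0xF0 + data + 0xF7 */
    SYSEX_CONTINUATION,  /* 0xF7 + at least one more byte */
    SYSEX_END_ONLY       /* a bare 0xF7: terminates the previous message, carries no data */
};

enum sysex_kind classify_sysex(const uint8_t *msg, size_t len)
{
    if (len == 0)
        return SYSEX_INVALID;
    if (msg[0] == SYSEX_START)
        return (len > 1 && msg[len - 1] == SYSEX_EOX) ? SYSEX_COMPLETE : SYSEX_FIRST;
    if (msg[0] == SYSEX_EOX)
        /* The check the report describes: a lone 0xF7 has no data after it,
         * so it must not be treated as a continuation. */
        return (len == 1) ? SYSEX_END_ONLY : SYSEX_CONTINUATION;
    return SYSEX_INVALID;
}

/* Stand-in for the native device: just the bytes that would go on the wire. */
typedef struct {
    uint8_t bytes[256];
    size_t  len;
} midi_wire;

/* Appends one SysexMessage to the wire. Returns the number of bytes appended,
 * or -1 for an invalid message or a full buffer. */
int wire_push(midi_wire *w, const uint8_t *msg, size_t len)
{
    const uint8_t *data;
    size_t n;

    switch (classify_sysex(msg, len)) {
    case SYSEX_FIRST:
    case SYSEX_COMPLETE:
        data = msg;     n = len;      /* 0xF0, data[, 0xF7] go out unchanged */
        break;
    case SYSEX_CONTINUATION:
        data = msg + 1; n = len - 1;  /* drop the 0xF7 status, keep the data (and any trailing EOX) */
        break;
    case SYSEX_END_ONLY:
        data = msg;     n = 1;        /* the 0xF7 itself is the EOX byte; nothing to skip */
        break;
    default:
        return -1;
    }
    /* Without the SYSEX_END_ONLY branch, {0xF7} would take the continuation path
     * with n == 0: status byte skipped, nonexistent data pushed. */
    if (w->len + n > sizeof w->bytes)
        return -1;
    memcpy(w->bytes + w->len, data, n);
    w->len += n;
    return (int)n;
}

/* 1 if the wire holds one well-formed sysex (0xF0 ... 0xF7), else 0. */
int wire_is_terminated(const midi_wire *w)
{
    return w->len >= 2 && w->bytes[0] == SYSEX_START && w->bytes[w->len - 1] == SYSEX_EOX;
}

int main(void)
{
    /* Constructed sample data, split the way the javadoc allows. */
    static const uint8_t first[] = {0xF0, 0x7E, 0x7F};   /* start + two data bytes, no EOX yet */
    static const uint8_t cont[]  = {0xF7, 0x06, 0x01};   /* continuation with data */
    static const uint8_t eox[]   = {0xF7};               /* the culprit: bare EOX */
    midi_wire w = {{0}, 0};

    wire_push(&w, first, sizeof first);
    wire_push(&w, cont, sizeof cont);
    wire_push(&w, eox, sizeof eox);

    for (size_t i = 0; i < w.len; i++)
        printf("%02X ", w.bytes[i]);
    printf("-> %s\n", wire_is_terminated(&w) ? "terminated" : "UNTERMINATED");
    return 0;
}
```

The only decision that matters is the `len == 1` test on a 0xF7-status buffer: a continuation must carry at least one byte after its status, so the data length to push is never zero, and a bare 0xF7 is passed through as the EOX byte instead of being stripped.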
