<Swing Dev> RfR JDK-8153149, Uninitialised memory in WinAccessBridge.cpp:1128
Pete Brunet
peter.brunet at oracle.com
Mon Apr 4 14:09:03 UTC 2016
On 4/1/16 5:54 PM, Phil Race wrote:
> You say its a simple fix but I need you to confirm if i have it right
>
> What I see is that pkg is a pointer to part of "buffer" but the
> contents of that buffer are not initialised so the field rVMID is
> garbage.
> So you should not use it. So far so good.
>
> But then a reader must ask himself
> 1) where does pkgVMID get initialised and used
> 2) where does pkg->rVMID get initialised and used
>
>
> I suppose that the answer to (1) is
>
> if (getAccessibleContextFromHWND(window, (long *)&(pkgVMID). ...)
>
> and it then gets used in the call
>
> findAccessBridgeWindow((long)pkgVMID); and for (2) that the call to
> sendMemoryPackage(..) fills in everything in buffer,
>
> including implicitly "pkg", and this gets used here
>
> *vmID = pkg->rVMID;
>
>
> Is this right ?
Yes, that is all correct.
>
> The odd thing is that pkgVMID and pkg->rVMID are not obviously the
> same thing at all so the deleted assignment was really odd ..
True, I don't have a clue as to why that was there and the original
developers are long gone. Maybe the code was much different at one
time. The extra unneeded indentation might indicate that. I looked
through the code to see if pkgVMID might have been an in/out instead of
just an out on the call to findAccessBridge but it's just an out.
Pete
>
> -phil.
>
> On 04/01/2016 11:54 AM, Pete Brunet wrote:
>> Please review this simple fix:
>> https://bugs.openjdk.java.net/browse/JDK-8153149
>> http://cr.openjdk.java.net/~ptbrunet/JDK-8153149/webrev.00/
>>
>
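The defect discussed in the thread, reduced to a stand-alone C illustration. This is an added example, not code from WinAccessBridge.cpp or from the webrev: the HwndReply layout, the kWindows table, and the lookupVMIDForWindow() and sendMemoryPackage() stand-ins are all assumed. It keeps the two quantities Phil asked about distinct: pkgVMID is a local "out" value that selects which bridge to talk to, while pkg->rVMID lives inside buffer and has no defined value until the reply has been written there.

```c
#include <stddef.h>
#include <string.h>

/* Assumed reply layout; the real package structs are not reproduced here. */
typedef struct {
    long rVMID;              /* written by the remote side's reply          */
    long rAccessibleContext; /* likewise                                    */
} HwndReply;

/* Constructed sample table: which VM (vmID) owns which window handle. */
static const struct { long hwnd; long vmID; } kWindows[] = {
    { 0x1001, 7 },
    { 0x1002, 9 },
};

/* Stand-in for getAccessibleContextFromHWND(): pure "out" parameter, as in the thread. */
static int lookupVMIDForWindow(long hwnd, long *outVMID) {
    for (size_t i = 0; i < sizeof kWindows / sizeof kWindows[0]; i++) {
        if (kWindows[i].hwnd == hwnd) {
            *outVMID = kWindows[i].vmID;
            return 1;
        }
    }
    return 0;
}

/* Stand-in for sendMemoryPackage(): the target bridge fills buffer with its reply. */
static int sendMemoryPackage(long targetVMID, char *buffer, size_t len) {
    if (len < sizeof(HwndReply)) return 0;
    HwndReply reply = { targetVMID, 0x2A00 + targetVMID }; /* constructed reply values */
    memcpy(buffer, &reply, sizeof reply);
    return 1;
}

/* Corrected ordering: nothing inside buffer is read until sendMemoryPackage() has written it.
 * Returns 1 and sets *vmID / *ac on success, 0 otherwise. */
int getAccessibleContextFromWindow(long hwnd, long *vmID, long *ac) {
    _Alignas(HwndReply) char buffer[64] = {0}; /* zero-init: an accidental early read is 0, never stack garbage */
    HwndReply *pkg = (HwndReply *)buffer;
    long pkgVMID = 0;                          /* local selector for the bridge, NOT the reply field */

    if (!lookupVMIDForWindow(hwnd, &pkgVMID)) return 0;
    /* The removed assignment read pkg->rVMID at this point, before anything had been
     * written to buffer; that is the uninitialised-memory read of JDK-8153149. */
    if (!sendMemoryPackage(pkgVMID, buffer, sizeof buffer)) return 0;
    *vmID = pkg->rVMID;                        /* defined now: written by the reply */
    *ac = pkg->rAccessibleContext;
    return 1;
}

/* Convenience wrapper: the VM id for a window, or -1 if the lookup or the send fails. */
long vmIDForWindow(long hwnd) {
    long vmID = 0, ac = 0;
    return getAccessibleContextFromWindow(hwnd, &vmID, &ac) ? vmID : -1;
}

/* Shows the defence-in-depth value of zero-initialising the buffer: reading the
 * reply field before any send yields a deterministic 0 instead of whatever the
 * stack held. With an uninitialised buffer this read would be undefined behaviour. */
long replyFieldBeforeSend(void) {
    _Alignas(HwndReply) char buffer[64] = {0};
    HwndReply *pkg = (HwndReply *)buffer;
    return pkg->rVMID;
}
```

Zero-initialising the buffer does not make an early read correct, it only makes it deterministic; the real fix is the ordering above. Running the original under a tool such as Valgrind's memcheck or MemorySanitizer is the practical way to catch this class of read, since the compiler will not warn about it.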