From c7fe4820180e8dbb0dd385331fae0e105fd16bec Mon Sep 17 00:00:00 2001 From: Phil Race Date: Fri, 20 Dec 2013 09:58:29 -0800 Subject: [PATCH] 8029854: Enhance JPEG decodings Reviewed-by: bae, vadim, mschoene --- jdk/src/share/native/sun/awt/image/gif/gifdecoder.c | 1 + jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c | 2 ++ jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c | 3 +++ 3 files changed, 6 insertions(+) diff --git a/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c b/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c index 6730695c51b..e93feb6c8e9 100644 --- a/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c +++ b/jdk/src/share/native/sun/awt/image/gif/gifdecoder.c @@ -249,6 +249,7 @@ Java_sun_awt_image_GifImageDecoder_parseImage(JNIEnv *env, /* fill the block */ len = (*env)->CallIntMethod(env, this, readID, blockh, remain, blockLength + 1); + if (len > blockLength + 1) len = blockLength + 1; if ((*env)->ExceptionOccurred(env)) { return 0; } diff --git a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c index 3698bc49b2e..8c2f07693a4 100644 --- a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c +++ b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c @@ -945,6 +945,7 @@ imageio_fill_input_buffer(j_decompress_ptr cinfo) JPEGImageReader_readInputDataID, sb->hstreamBuffer, 0, sb->bufferLength); + if (ret > sb->bufferLength) ret = sb->bufferLength; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, data, &(src->next_input_byte))) { cinfo->err->error_exit((j_common_ptr) cinfo); @@ -1041,6 +1042,7 @@ imageio_fill_suspended_buffer(j_decompress_ptr cinfo) JPEGImageReader_readInputDataID, sb->hstreamBuffer, offset, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, data, &(src->next_input_byte))) { cinfo->err->error_exit((j_common_ptr) cinfo); diff --git a/jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c b/jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c index 1ccfc390b24..051c910cd83 100644 --- a/jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c +++ b/jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c @@ -289,6 +289,7 @@ sun_jpeg_fill_input_buffer(j_decompress_ptr cinfo) buflen = (*env)->GetArrayLength(env, src->hInputBuffer); ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, 0, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, src)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); } @@ -349,6 +350,7 @@ sun_jpeg_fill_suspended_buffer(j_decompress_ptr cinfo) } ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, offset, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, src)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); } @@ -424,6 +426,7 @@ sun_jpeg_skip_input_data(j_decompress_ptr cinfo, long num_bytes) ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, 0, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); }