# HG changeset patch
# User dkononenko
# Date 1487071901 -10800
# Node ID 526103bd9c57df9ddd197c8142f8c2175042ea8f
# Parent  497288c158bf4880de2870ccb4bb85c963e6996e
8169715: jimage fails with IAE when attempts to inspect an empty file
Summary: Added buffer's capacity checks.
Reviewed-by: jlaskey, anazarov
Contributed-by: denis.kononenko@oracle.com

diff -r 497288c158bf -r 526103bd9c57 jdk/src/java.base/share/classes/jdk/internal/jimage/BasicImageReader.java
--- a/jdk/src/java.base/share/classes/jdk/internal/jimage/BasicImageReader.java	Tue Feb 14 10:49:43 2017 +0000
+++ b/jdk/src/java.base/share/classes/jdk/internal/jimage/BasicImageReader.java	Tue Feb 14 14:31:41 2017 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -137,10 +137,15 @@
         int headerSize = ImageHeader.getHeaderSize();
 
         // If no memory map then read header from image file
-        if (map == null) {
+        if (headerBuffer == null) {
             headerBuffer = ByteBuffer.allocateDirect(headerSize);
-            channel.read(headerBuffer, 0L);
-            headerBuffer.rewind();
+            if (channel.read(headerBuffer, 0L) == headerSize) {
+                headerBuffer.rewind();
+            } else {
+                throw new IOException("\"" + name + "\" is not an image file");
+            }
+        } else if (headerBuffer.capacity() < headerSize) {
+            throw new IOException("\"" + name + "\" is not an image file");
         }
 
         // Interpret the image file header
@@ -156,6 +161,9 @@
         memoryMap = map.asReadOnlyBuffer();
 
         // Interpret the image index
+        if (memoryMap.capacity() < indexSize) {
+            throw new IOException("The image file \"" + name + "\" is corrupted");
+        }
         redirect = intBuffer(memoryMap, header.getRedirectOffset(), header.getRedirectSize());
         offsets = intBuffer(memoryMap, header.getOffsetsOffset(), header.getOffsetsSize());
         locations = slice(memoryMap, header.getLocationsOffset(), header.getLocationsSize());