# HG changeset patch # User chegar # Date 1377257565 -3600 # Node ID 94484a73ce4b1db3b0f5fb954c4f811e2ea7f868 # Parent 40a4739d1fafc9e080815b049cb72f246e4b16e5# Parent 74a9cdbd0ed8d78b4e32307774701f66067e0c2d Merge diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java --- a/jdk/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java Fri Aug 23 12:32:45 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -660,7 +660,7 @@ //Added the handling for Class tags to take care of maps //Makes an entry into the map upon end of class tag try{ - typeMap.put(Key_map,Class.forName(Value_map)); + typeMap.put(Key_map,sun.reflect.misc.ReflectUtil.forName(Value_map)); }catch(ClassNotFoundException ex) { throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errmap").toString(), ex.getMessage())); diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java --- a/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Fri Aug 23 12:32:45 2013 +0100 @@ -35,6 +35,8 @@ import java.io.InputStream; import java.io.IOException; import java.io.FileNotFoundException; +import java.security.AccessController; +import java.security.PrivilegedAction; import javax.naming.*; @@ -348,7 +350,17 @@ /* * Dependent on application */ - String strRowsetProperties = System.getProperty("rowset.properties"); + String strRowsetProperties; + try { + strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction() { + public String run() { + return System.getProperty("rowset.properties"); + } + }, null, new PropertyPermission("rowset.properties","read")); + } catch (Exception ex) { + strRowsetProperties = null; + } + if (strRowsetProperties != null) { // Load user's implementation of SyncProvider // here. -Drowset.properties=/abc/def/pqr.txt @@ -393,7 +405,16 @@ * load additional properties from -D command line */ properties.clear(); - String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER); + String providerImpls; + try { + providerImpls = AccessController.doPrivileged(new PrivilegedAction() { + public String run() { + return System.getProperty(ROWSET_SYNC_PROVIDER); + } + }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read")); + } catch (Exception ex) { + providerImpls = null; + } if (providerImpls != null) { int i = 0; diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/classes/sun/security/provider/ByteArrayAccess.java --- a/jdk/src/share/classes/sun/security/provider/ByteArrayAccess.java Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/classes/sun/security/provider/ByteArrayAccess.java Fri Aug 23 12:32:45 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,10 +43,8 @@ * These are the only platforms we currently support, but other optimized * variants could be added as needed. * - * NOTE that because this code performs unchecked direct memory access, it - * MUST be restricted to trusted code. It is imperative that the caller protects - * against out of bounds memory access by performing the necessary bounds - * checks before calling methods in this class. + * NOTE that ArrayIndexOutOfBoundsException will be thrown if the bounds checks + * failed. * * This class may also be helpful in improving the performance of the * crypto code in the SunJCE provider. However, for now it is only accessible by @@ -103,6 +101,10 @@ * byte[] to int[] conversion, little endian byte order. */ static void b2iLittle(byte[] in, int inOfs, int[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -131,6 +133,10 @@ // Special optimization of b2iLittle(in, inOfs, out, 0, 64) static void b2iLittle64(byte[] in, int inOfs, int[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 64) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = unsafe.getInt(in, (long)(inOfs )); @@ -176,6 +182,10 @@ * int[] to byte[] conversion, little endian byte order. */ static void i2bLittle(int[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/4) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { outOfs += byteArrayOfs; len += outOfs; @@ -204,6 +214,9 @@ // Store one 32-bit value into out[outOfs..outOfs+3] in little endian order. static void i2bLittle4(int val, byte[] out, int outOfs) { + if ((outOfs < 0) || ((out.length - outOfs) < 4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { unsafe.putInt(out, (long)(byteArrayOfs + outOfs), val); } else if (bigEndian && ((outOfs & 3) == 0)) { @@ -220,6 +233,10 @@ * byte[] to int[] conversion, big endian byte order. */ static void b2iBig(byte[] in, int inOfs, int[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -248,6 +265,10 @@ // Special optimization of b2iBig(in, inOfs, out, 0, 64) static void b2iBig64(byte[] in, int inOfs, int[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 64) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = reverseBytes(unsafe.getInt(in, (long)(inOfs ))); @@ -293,6 +314,10 @@ * int[] to byte[] conversion, big endian byte order. */ static void i2bBig(int[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/4) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { outOfs += byteArrayOfs; len += outOfs; @@ -321,6 +346,9 @@ // Store one 32-bit value into out[outOfs..outOfs+3] in big endian order. static void i2bBig4(int val, byte[] out, int outOfs) { + if ((outOfs < 0) || ((out.length - outOfs) < 4)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { unsafe.putInt(out, (long)(byteArrayOfs + outOfs), reverseBytes(val)); } else if (bigEndian && ((outOfs & 3) == 0)) { @@ -337,6 +365,10 @@ * byte[] to long[] conversion, big endian byte order. */ static void b2lBig(byte[] in, int inOfs, long[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len) || + (outOfs < 0) || ((out.length - outOfs) < len/8)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; len += inOfs; @@ -378,6 +410,10 @@ // Special optimization of b2lBig(in, inOfs, out, 0, 128) static void b2lBig128(byte[] in, int inOfs, long[] out) { + if ((inOfs < 0) || ((in.length - inOfs) < 128) || + (out.length < 16)) { + throw new ArrayIndexOutOfBoundsException(); + } if (littleEndianUnaligned) { inOfs += byteArrayOfs; out[ 0] = reverseBytes(unsafe.getLong(in, (long)(inOfs ))); @@ -406,6 +442,10 @@ * long[] to byte[] conversion, big endian byte order. */ static void l2bBig(long[] in, int inOfs, byte[] out, int outOfs, int len) { + if ((inOfs < 0) || ((in.length - inOfs) < len/8) || + (outOfs < 0) || ((out.length - outOfs) < len)) { + throw new ArrayIndexOutOfBoundsException(); + } len += outOfs; while (outOfs < len) { long i = in[inOfs++]; @@ -419,5 +459,4 @@ out[outOfs++] = (byte)(i ); } } - } diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/lib/security/java.security-linux --- a/jdk/src/share/lib/security/java.security-linux Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/lib/security/java.security-linux Fri Aug 23 12:32:45 2013 +0100 @@ -181,6 +181,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -225,6 +226,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/lib/security/java.security-macosx --- a/jdk/src/share/lib/security/java.security-macosx Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/lib/security/java.security-macosx Fri Aug 23 12:32:45 2013 +0100 @@ -182,6 +182,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/lib/security/java.security-solaris --- a/jdk/src/share/lib/security/java.security-solaris Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/lib/security/java.security-solaris Fri Aug 23 12:32:45 2013 +0100 @@ -183,6 +183,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/lib/security/java.security-windows --- a/jdk/src/share/lib/security/java.security-windows Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/lib/security/java.security-windows Fri Aug 23 12:32:45 2013 +0100 @@ -182,6 +182,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ @@ -226,6 +227,7 @@ com.sun.imageio.,\ com.sun.istack.internal.,\ com.sun.jmx.,\ + com.sun.naming.internal.,\ com.sun.proxy.,\ com.sun.org.apache.bcel.internal.,\ com.sun.org.apache.regexp.internal.,\ diff -r 40a4739d1faf -r 94484a73ce4b jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c --- a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Fri Aug 23 12:32:45 2013 +0100 @@ -215,6 +215,11 @@ Output[0] = LinearInterp(rest, y0, y1); } +// To prevent out of bounds indexing +cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v) +{ + return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v); +} // Floating-point version of 1D interpolation static @@ -227,13 +232,15 @@ int cell0, cell1; const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table; + val2 = fclamp(Value[0]); + // if last value... - if (Value[0] == 1.0) { + if (val2 == 1.0) { Output[0] = LutTable[p -> Domain[0]]; return; } - val2 = p -> Domain[0] * Value[0]; + val2 *= p -> Domain[0]; cell0 = (int) floor(val2); cell1 = (int) ceil(val2); @@ -292,13 +299,15 @@ cmsUInt32Number OutChan; const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table; + val2 = fclamp(Value[0]); + // if last value... - if (Value[0] == 1.0) { + if (val2 == 1.0) { Output[0] = LutTable[p -> Domain[0]]; return; } - val2 = p -> Domain[0] * Value[0]; + val2 *= p -> Domain[0]; cell0 = (int) floor(val2); cell1 = (int) ceil(val2); @@ -339,8 +348,8 @@ dxy; TotalOut = p -> nOutputs; - px = Input[0] * p->Domain[0]; - py = Input[1] * p->Domain[1]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0; y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0; @@ -454,20 +463,9 @@ TotalOut = p -> nOutputs; // We need some clipping here - px = Input[0]; - py = Input[1]; - pz = Input[2]; - - if (px < 0) px = 0; - if (px > 1) px = 1; - if (py < 0) py = 0; - if (py > 1) py = 1; - if (pz < 0) pz = 0; - if (pz > 1) pz = 1; - - px *= p->Domain[0]; - py *= p->Domain[1]; - pz *= p->Domain[2]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; + pz = fclamp(Input[2]) * p->Domain[2]; x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0; y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0; @@ -609,20 +607,9 @@ TotalOut = p -> nOutputs; // We need some clipping here - px = Input[0]; - py = Input[1]; - pz = Input[2]; - - if (px < 0) px = 0; - if (px > 1) px = 1; - if (py < 0) py = 0; - if (py > 1) py = 1; - if (pz < 0) pz = 0; - if (pz > 1) pz = 1; - - px *= p->Domain[0]; - py *= p->Domain[1]; - pz *= p->Domain[2]; + px = fclamp(Input[0]) * p->Domain[0]; + py = fclamp(Input[1]) * p->Domain[1]; + pz = fclamp(Input[2]) * p->Domain[2]; x0 = (int) _cmsQuickFloor(px); rx = (px - (cmsFloat32Number) x0); y0 = (int) _cmsQuickFloor(py); ry = (py - (cmsFloat32Number) y0); @@ -1039,8 +1026,7 @@ cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1127,7 +1113,7 @@ cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1214,7 +1200,7 @@ cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1299,7 +1285,7 @@ cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; @@ -1384,7 +1370,7 @@ cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS]; cmsInterpParams p1; - pk = Input[0] * p->Domain[0]; + pk = fclamp(Input[0]) * p->Domain[0]; k0 = _cmsQuickFloor(pk); rest = pk - (cmsFloat32Number) k0; diff -r 40a4739d1faf -r 94484a73ce4b jdk/test/java/lang/SecurityManager/CheckPackageAccess.java --- a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Aug 23 12:32:18 2013 +0100 +++ b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Aug 23 12:32:45 2013 +0100 @@ -23,7 +23,7 @@ /* * @test - * @bug 6741606 7146431 8000450 + * @bug 6741606 7146431 8000450 8022945 * @summary Make sure all restricted packages listed in the package.access * property in the java.security file are blocked * @run main/othervm CheckPackageAccess @@ -54,6 +54,7 @@ "com.sun.imageio.", "com.sun.istack.internal.", "com.sun.jmx.", + "com.sun.naming.internal.", "com.sun.proxy.", "com.sun.org.apache.bcel.internal.", "com.sun.org.apache.regexp.internal.",