Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6874643: ImageI/O JPEG is vulnerable to Heap Overflow
authorbae
Thu, 10 Sep 2009 12:26:34 +0400
changeset 4201 b3906ffdbcd6
parent 4200 7761313b9b16
child 4202 20061d84dd36
6874643: ImageI/O JPEG is vulnerable to Heap Overflow Reviewed-by: prr, hawtin
jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	Sat Sep 05 07:55:05 2009 -0700
+++ b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c	Thu Sep 10 12:26:34 2009 +0400
@@ -1833,6 +1833,13 @@
         return JNI_FALSE;
     }
 
+    if (stepX > cinfo->image_width) {
+        stepX = cinfo->image_width;
+    }
+    if (stepY > cinfo->image_height) {
+        stepY = cinfo->image_height;
+    }
+
     /*
      * First get the source bands array and copy it to our local array
      * so we don't have to worry about pinning and unpinning it again.
jdk-sandbox