--- a/jdk/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java Fri Aug 30 09:38:23 2013 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -660,7 +660,7 @@
//Added the handling for Class tags to take care of maps
//Makes an entry into the map upon end of class tag
try{
- typeMap.put(Key_map,Class.forName(Value_map));
+ typeMap.put(Key_map,sun.reflect.misc.ReflectUtil.forName(Value_map));
}catch(ClassNotFoundException ex) {
throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errmap").toString(), ex.getMessage()));
--- a/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Fri Aug 30 09:38:23 2013 +0100
@@ -35,6 +35,8 @@
import java.io.InputStream;
import java.io.IOException;
import java.io.FileNotFoundException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.naming.*;
@@ -348,7 +350,17 @@
/*
* Dependent on application
*/
- String strRowsetProperties = System.getProperty("rowset.properties");
+ String strRowsetProperties;
+ try {
+ strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("rowset.properties");
+ }
+ }, null, new PropertyPermission("rowset.properties","read"));
+ } catch (Exception ex) {
+ strRowsetProperties = null;
+ }
+
if (strRowsetProperties != null) {
// Load user's implementation of SyncProvider
// here. -Drowset.properties=/abc/def/pqr.txt
@@ -393,7 +405,16 @@
* load additional properties from -D command line
*/
properties.clear();
- String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER);
+ String providerImpls;
+ try {
+ providerImpls = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty(ROWSET_SYNC_PROVIDER);
+ }
+ }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read"));
+ } catch (Exception ex) {
+ providerImpls = null;
+ }
if (providerImpls != null) {
int i = 0;
--- a/jdk/src/share/classes/sun/security/provider/ByteArrayAccess.java Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/classes/sun/security/provider/ByteArrayAccess.java Fri Aug 30 09:38:23 2013 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,10 +43,8 @@
* These are the only platforms we currently support, but other optimized
* variants could be added as needed.
*
- * NOTE that because this code performs unchecked direct memory access, it
- * MUST be restricted to trusted code. It is imperative that the caller protects
- * against out of bounds memory access by performing the necessary bounds
- * checks before calling methods in this class.
+ * NOTE that ArrayIndexOutOfBoundsException will be thrown if the bounds checks
+ * failed.
*
* This class may also be helpful in improving the performance of the
* crypto code in the SunJCE provider. However, for now it is only accessible by
@@ -103,6 +101,10 @@
* byte[] to int[] conversion, little endian byte order.
*/
static void b2iLittle(byte[] in, int inOfs, int[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len) ||
+ (outOfs < 0) || ((out.length - outOfs) < len/4)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
len += inOfs;
@@ -131,6 +133,10 @@
// Special optimization of b2iLittle(in, inOfs, out, 0, 64)
static void b2iLittle64(byte[] in, int inOfs, int[] out) {
+ if ((inOfs < 0) || ((in.length - inOfs) < 64) ||
+ (out.length < 16)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
out[ 0] = unsafe.getInt(in, (long)(inOfs ));
@@ -176,6 +182,10 @@
* int[] to byte[] conversion, little endian byte order.
*/
static void i2bLittle(int[] in, int inOfs, byte[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len/4) ||
+ (outOfs < 0) || ((out.length - outOfs) < len)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
outOfs += byteArrayOfs;
len += outOfs;
@@ -204,6 +214,9 @@
// Store one 32-bit value into out[outOfs..outOfs+3] in little endian order.
static void i2bLittle4(int val, byte[] out, int outOfs) {
+ if ((outOfs < 0) || ((out.length - outOfs) < 4)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), val);
} else if (bigEndian && ((outOfs & 3) == 0)) {
@@ -220,6 +233,10 @@
* byte[] to int[] conversion, big endian byte order.
*/
static void b2iBig(byte[] in, int inOfs, int[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len) ||
+ (outOfs < 0) || ((out.length - outOfs) < len/4)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
len += inOfs;
@@ -248,6 +265,10 @@
// Special optimization of b2iBig(in, inOfs, out, 0, 64)
static void b2iBig64(byte[] in, int inOfs, int[] out) {
+ if ((inOfs < 0) || ((in.length - inOfs) < 64) ||
+ (out.length < 16)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
out[ 0] = reverseBytes(unsafe.getInt(in, (long)(inOfs )));
@@ -293,6 +314,10 @@
* int[] to byte[] conversion, big endian byte order.
*/
static void i2bBig(int[] in, int inOfs, byte[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len/4) ||
+ (outOfs < 0) || ((out.length - outOfs) < len)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
outOfs += byteArrayOfs;
len += outOfs;
@@ -321,6 +346,9 @@
// Store one 32-bit value into out[outOfs..outOfs+3] in big endian order.
static void i2bBig4(int val, byte[] out, int outOfs) {
+ if ((outOfs < 0) || ((out.length - outOfs) < 4)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), reverseBytes(val));
} else if (bigEndian && ((outOfs & 3) == 0)) {
@@ -337,6 +365,10 @@
* byte[] to long[] conversion, big endian byte order.
*/
static void b2lBig(byte[] in, int inOfs, long[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len) ||
+ (outOfs < 0) || ((out.length - outOfs) < len/8)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
len += inOfs;
@@ -378,6 +410,10 @@
// Special optimization of b2lBig(in, inOfs, out, 0, 128)
static void b2lBig128(byte[] in, int inOfs, long[] out) {
+ if ((inOfs < 0) || ((in.length - inOfs) < 128) ||
+ (out.length < 16)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
if (littleEndianUnaligned) {
inOfs += byteArrayOfs;
out[ 0] = reverseBytes(unsafe.getLong(in, (long)(inOfs )));
@@ -406,6 +442,10 @@
* long[] to byte[] conversion, big endian byte order.
*/
static void l2bBig(long[] in, int inOfs, byte[] out, int outOfs, int len) {
+ if ((inOfs < 0) || ((in.length - inOfs) < len/8) ||
+ (outOfs < 0) || ((out.length - outOfs) < len)) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
len += outOfs;
while (outOfs < len) {
long i = in[inOfs++];
@@ -419,5 +459,4 @@
out[outOfs++] = (byte)(i );
}
}
-
}
--- a/jdk/src/share/lib/security/java.security-linux Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/lib/security/java.security-linux Fri Aug 30 09:38:23 2013 +0100
@@ -181,6 +181,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
@@ -225,6 +226,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
--- a/jdk/src/share/lib/security/java.security-macosx Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/lib/security/java.security-macosx Fri Aug 30 09:38:23 2013 +0100
@@ -182,6 +182,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
@@ -226,6 +227,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
--- a/jdk/src/share/lib/security/java.security-solaris Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/lib/security/java.security-solaris Fri Aug 30 09:38:23 2013 +0100
@@ -183,6 +183,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
@@ -226,6 +227,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
--- a/jdk/src/share/lib/security/java.security-windows Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/lib/security/java.security-windows Fri Aug 30 09:38:23 2013 +0100
@@ -182,6 +182,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
@@ -226,6 +227,7 @@
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.,\
+ com.sun.naming.internal.,\
com.sun.proxy.,\
com.sun.org.apache.bcel.internal.,\
com.sun.org.apache.regexp.internal.,\
--- a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsintrp.c Fri Aug 30 09:38:23 2013 +0100
@@ -215,6 +215,11 @@
Output[0] = LinearInterp(rest, y0, y1);
}
+// To prevent out of bounds indexing
+cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v)
+{
+ return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v);
+}
// Floating-point version of 1D interpolation
static
@@ -227,13 +232,15 @@
int cell0, cell1;
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
+ val2 = fclamp(Value[0]);
+
// if last value...
- if (Value[0] == 1.0) {
+ if (val2 == 1.0) {
Output[0] = LutTable[p -> Domain[0]];
return;
}
- val2 = p -> Domain[0] * Value[0];
+ val2 *= p -> Domain[0];
cell0 = (int) floor(val2);
cell1 = (int) ceil(val2);
@@ -292,13 +299,15 @@
cmsUInt32Number OutChan;
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
+ val2 = fclamp(Value[0]);
+
// if last value...
- if (Value[0] == 1.0) {
+ if (val2 == 1.0) {
Output[0] = LutTable[p -> Domain[0]];
return;
}
- val2 = p -> Domain[0] * Value[0];
+ val2 *= p -> Domain[0];
cell0 = (int) floor(val2);
cell1 = (int) ceil(val2);
@@ -339,8 +348,8 @@
dxy;
TotalOut = p -> nOutputs;
- px = Input[0] * p->Domain[0];
- py = Input[1] * p->Domain[1];
+ px = fclamp(Input[0]) * p->Domain[0];
+ py = fclamp(Input[1]) * p->Domain[1];
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
@@ -454,20 +463,9 @@
TotalOut = p -> nOutputs;
// We need some clipping here
- px = Input[0];
- py = Input[1];
- pz = Input[2];
-
- if (px < 0) px = 0;
- if (px > 1) px = 1;
- if (py < 0) py = 0;
- if (py > 1) py = 1;
- if (pz < 0) pz = 0;
- if (pz > 1) pz = 1;
-
- px *= p->Domain[0];
- py *= p->Domain[1];
- pz *= p->Domain[2];
+ px = fclamp(Input[0]) * p->Domain[0];
+ py = fclamp(Input[1]) * p->Domain[1];
+ pz = fclamp(Input[2]) * p->Domain[2];
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
@@ -609,20 +607,9 @@
TotalOut = p -> nOutputs;
// We need some clipping here
- px = Input[0];
- py = Input[1];
- pz = Input[2];
-
- if (px < 0) px = 0;
- if (px > 1) px = 1;
- if (py < 0) py = 0;
- if (py > 1) py = 1;
- if (pz < 0) pz = 0;
- if (pz > 1) pz = 1;
-
- px *= p->Domain[0];
- py *= p->Domain[1];
- pz *= p->Domain[2];
+ px = fclamp(Input[0]) * p->Domain[0];
+ py = fclamp(Input[1]) * p->Domain[1];
+ pz = fclamp(Input[2]) * p->Domain[2];
x0 = (int) _cmsQuickFloor(px); rx = (px - (cmsFloat32Number) x0);
y0 = (int) _cmsQuickFloor(py); ry = (py - (cmsFloat32Number) y0);
@@ -1039,8 +1026,7 @@
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
cmsInterpParams p1;
-
- pk = Input[0] * p->Domain[0];
+ pk = fclamp(Input[0]) * p->Domain[0];
k0 = _cmsQuickFloor(pk);
rest = pk - (cmsFloat32Number) k0;
@@ -1127,7 +1113,7 @@
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
cmsInterpParams p1;
- pk = Input[0] * p->Domain[0];
+ pk = fclamp(Input[0]) * p->Domain[0];
k0 = _cmsQuickFloor(pk);
rest = pk - (cmsFloat32Number) k0;
@@ -1214,7 +1200,7 @@
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
cmsInterpParams p1;
- pk = Input[0] * p->Domain[0];
+ pk = fclamp(Input[0]) * p->Domain[0];
k0 = _cmsQuickFloor(pk);
rest = pk - (cmsFloat32Number) k0;
@@ -1299,7 +1285,7 @@
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
cmsInterpParams p1;
- pk = Input[0] * p->Domain[0];
+ pk = fclamp(Input[0]) * p->Domain[0];
k0 = _cmsQuickFloor(pk);
rest = pk - (cmsFloat32Number) k0;
@@ -1384,7 +1370,7 @@
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
cmsInterpParams p1;
- pk = Input[0] * p->Domain[0];
+ pk = fclamp(Input[0]) * p->Domain[0];
k0 = _cmsQuickFloor(pk);
rest = pk - (cmsFloat32Number) k0;
--- a/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Aug 30 09:37:29 2013 +0100
+++ b/jdk/test/java/lang/SecurityManager/CheckPackageAccess.java Fri Aug 30 09:38:23 2013 +0100
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6741606 7146431 8000450
+ * @bug 6741606 7146431 8000450 8022945
* @summary Make sure all restricted packages listed in the package.access
* property in the java.security file are blocked
* @run main/othervm CheckPackageAccess
@@ -54,6 +54,7 @@
"com.sun.imageio.",
"com.sun.istack.internal.",
"com.sun.jmx.",
+ "com.sun.naming.internal.",
"com.sun.proxy.",
"com.sun.org.apache.bcel.internal.",
"com.sun.org.apache.regexp.internal.",