提交 ca970328 编写于 作者: A anthony

8009071: Improve shape handling

Reviewed-by: art, mschoene
上级 003e9be2
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
#import "LWCToolkit.h" #import "LWCToolkit.h"
#import "sun_lwawt_macosx_CRobot.h" #import "sun_lwawt_macosx_CRobot.h"
#import "java_awt_event_InputEvent.h" #import "java_awt_event_InputEvent.h"
#import "sizecalc.h"
// Starting number for event numbers generated by Robot. // Starting number for event numbers generated by Robot.
...@@ -115,7 +116,7 @@ Java_sun_lwawt_macosx_CRobot_initRobot ...@@ -115,7 +116,7 @@ Java_sun_lwawt_macosx_CRobot_initRobot
gsLastClickTime = 0; gsLastClickTime = 0;
gsEventNumber = ROBOT_EVENT_NUMBER_START; gsEventNumber = ROBOT_EVENT_NUMBER_START;
gsButtonEventNumber = (int*)malloc(sizeof(int) * gNumberOfButtons); gsButtonEventNumber = (int*)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(int), gNumberOfButtons);
if (gsButtonEventNumber == NULL) { if (gsButtonEventNumber == NULL) {
JNU_ThrowOutOfMemoryError(env, NULL); JNU_ThrowOutOfMemoryError(env, NULL);
return; return;
......
...@@ -37,6 +37,8 @@ ...@@ -37,6 +37,8 @@
#import "sun_lwawt_macosx_LWCToolkit.h" #import "sun_lwawt_macosx_LWCToolkit.h"
#import "sizecalc.h"
int gNumberOfButtons; int gNumberOfButtons;
jint* gButtonDownMasks; jint* gButtonDownMasks;
...@@ -202,7 +204,7 @@ Java_sun_lwawt_macosx_LWCToolkit_initIDs ...@@ -202,7 +204,7 @@ Java_sun_lwawt_macosx_LWCToolkit_initIDs
jintArray obj = (jintArray)(*env)->CallStaticObjectMethod(env, inputEventClazz, getButtonDownMasksID); jintArray obj = (jintArray)(*env)->CallStaticObjectMethod(env, inputEventClazz, getButtonDownMasksID);
jint * tmp = (*env)->GetIntArrayElements(env, obj, JNI_FALSE); jint * tmp = (*env)->GetIntArrayElements(env, obj, JNI_FALSE);
gButtonDownMasks = (jint*)malloc(sizeof(jint) * gNumberOfButtons); gButtonDownMasks = (jint*)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(jint), gNumberOfButtons);
if (gButtonDownMasks == NULL) { if (gButtonDownMasks == NULL) {
gNumberOfButtons = 0; gNumberOfButtons = 0;
JNU_ThrowOutOfMemoryError(env, NULL); JNU_ThrowOutOfMemoryError(env, NULL);
......
...@@ -44,6 +44,7 @@ ...@@ -44,6 +44,7 @@
#include <unistd.h> #include <unistd.h>
#include <dlfcn.h> #include <dlfcn.h>
#include <sizecalc.h>
static NSScreen* SplashNSScreen() static NSScreen* SplashNSScreen()
{ {
...@@ -99,9 +100,12 @@ char* SplashConvertStringAlloc(const char* in, int* size) { ...@@ -99,9 +100,12 @@ char* SplashConvertStringAlloc(const char* in, int* size) {
goto done; goto done;
} }
inSize = strlen(in); inSize = strlen(in);
buf = SAFE_SIZE_ARRAY_ALLOC(malloc, inSize, 2);
if (!buf) {
return NULL;
}
bufSize = inSize*2; // need 2 bytes per char for UCS-2, this is bufSize = inSize*2; // need 2 bytes per char for UCS-2, this is
// 2 bytes per source byte max // 2 bytes per source byte max
buf = malloc(bufSize);
out = buf; outSize = bufSize; out = buf; outSize = bufSize;
/* linux iconv wants char** source and solaris wants const char**... /* linux iconv wants char** source and solaris wants const char**...
cast to void* */ cast to void* */
......
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
#ifndef SIZECALC_H
#define SIZECALC_H
/*
* A machinery for safe calculation of sizes used when allocating memory.
*
* All size checks are performed against the SIZE_MAX (the maximum value for
* size_t). All numerical arguments as well as the result of calculation must
* be non-negative integers less than or equal to SIZE_MAX, otherwise the
* calculated size is considered unsafe.
*
* If the SIZECALC_ALLOC_THROWING_BAD_ALLOC macro is defined, then _ALLOC_
* helper macros throw the std::bad_alloc instead of returning NULL.
*/
#include <stdint.h> /* SIZE_MAX for C99+ */
/* http://stackoverflow.com/questions/3472311/what-is-a-portable-method-to-find-the-maximum-value-of-size-t */
#ifndef SIZE_MAX
#define SIZE_MAX ((size_t)-1)
#endif
#define IS_SAFE_SIZE_T(x) ((x) >= 0 && (unsigned long long)(x) <= SIZE_MAX)
#define IS_SAFE_SIZE_MUL(m, n) \
(IS_SAFE_SIZE_T(m) && IS_SAFE_SIZE_T(n) && ((m) == 0 || (n) == 0 || (size_t)(n) <= (SIZE_MAX / (size_t)(m))))
#define IS_SAFE_SIZE_ADD(a, b) \
(IS_SAFE_SIZE_T(a) && IS_SAFE_SIZE_T(b) && (size_t)(b) <= (SIZE_MAX - (size_t)(a)))
/* Helper macros */
#ifdef SIZECALC_ALLOC_THROWING_BAD_ALLOC
#define FAILURE_RESULT throw std::bad_alloc()
#else
#define FAILURE_RESULT NULL
#endif
/*
* A helper macro to safely allocate an array of size m*n.
* Example usage:
* int* p = (int*)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(int), n);
* if (!p) throw OutOfMemory;
* // Use the allocated array...
*/
#define SAFE_SIZE_ARRAY_ALLOC(func, m, n) \
(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((m) * (n))) : FAILURE_RESULT)
#define SAFE_SIZE_ARRAY_REALLOC(func, p, m, n) \
(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((p), (m) * (n))) : FAILURE_RESULT)
/*
* A helper macro to safely allocate an array of type 'type' with 'n' items
* using the C++ new[] operator.
* Example usage:
* MyClass* p = SAFE_SIZE_NEW_ARRAY(MyClass, n);
* // Use the pointer.
* This macro throws the std::bad_alloc C++ exception to indicate
* a failure.
* NOTE: if 'n' is calculated, the calling code is responsible for using the
* IS_SAFE_... macros to check if the calculations are safe.
*/
#define SAFE_SIZE_NEW_ARRAY(type, n) \
(IS_SAFE_SIZE_MUL(sizeof(type), (n)) ? (new type[(n)]) : throw std::bad_alloc())
#define SAFE_SIZE_NEW_ARRAY2(type, n, m) \
(IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_MUL(sizeof(type), (n) * (m)) ? \
(new type[(n) * (m)]) : throw std::bad_alloc())
/*
* Checks if a data structure of size (a + m*n) can be safely allocated
* w/o producing an integer overflow when calculating its size.
*/
#define IS_SAFE_STRUCT_SIZE(a, m, n) \
( \
IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_ADD((m) * (n), (a)) \
)
/*
* A helper macro for implementing safe memory allocation for a data structure
* of size (a + m * n).
* Example usage:
* void * p = SAFE_SIZE_ALLOC(malloc, header, num, itemSize);
* if (!p) throw OutOfMemory;
* // Use the allocated memory...
*/
#define SAFE_SIZE_STRUCT_ALLOC(func, a, m, n) \
(IS_SAFE_STRUCT_SIZE((a), (m), (n)) ? ((func)((a) + (m) * (n))) : FAILURE_RESULT)
#endif /* SIZECALC_H */
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#include "splashscreen_impl.h" #include "splashscreen_impl.h"
#include <jni.h> #include <jni.h>
#include <jlong_md.h> #include <jlong_md.h>
#include <sizecalc.h>
JNIEXPORT jint JNICALL JNIEXPORT jint JNICALL
JNI_OnLoad(JavaVM * vm, void *reserved) JNI_OnLoad(JavaVM * vm, void *reserved)
...@@ -57,7 +58,7 @@ Java_java_awt_SplashScreen__1update(JNIEnv * env, jclass thisClass, ...@@ -57,7 +58,7 @@ Java_java_awt_SplashScreen__1update(JNIEnv * env, jclass thisClass,
if (splash->overlayData) { if (splash->overlayData) {
free(splash->overlayData); free(splash->overlayData);
} }
splash->overlayData = malloc(dataSize * sizeof(rgbquad_t)); splash->overlayData = SAFE_SIZE_ARRAY_ALLOC(malloc, dataSize, sizeof(rgbquad_t));
if (splash->overlayData) { if (splash->overlayData) {
/* we need a copy anyway, so we'll be using GetIntArrayRegion */ /* we need a copy anyway, so we'll be using GetIntArrayRegion */
(*env)->GetIntArrayRegion(env, data, 0, dataSize, (*env)->GetIntArrayRegion(env, data, 0, dataSize,
......
...@@ -28,6 +28,8 @@ ...@@ -28,6 +28,8 @@
#include <gif_lib.h> #include <gif_lib.h>
#include "sizecalc.h"
#define GIF_TRANSPARENT 0x01 #define GIF_TRANSPARENT 0x01
#define GIF_USER_INPUT 0x02 #define GIF_USER_INPUT 0x02
#define GIF_DISPOSE_MASK 0x07 #define GIF_DISPOSE_MASK 0x07
...@@ -120,7 +122,7 @@ SplashDecodeGif(Splash * splash, GifFileType * gif) ...@@ -120,7 +122,7 @@ SplashDecodeGif(Splash * splash, GifFileType * gif)
splash->height = gif->SHeight; splash->height = gif->SHeight;
splash->frameCount = gif->ImageCount; splash->frameCount = gif->ImageCount;
splash->frames = (SplashImage *) splash->frames = (SplashImage *)
malloc(sizeof(SplashImage) * gif->ImageCount); SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(SplashImage), gif->ImageCount);
if (!splash->frames) { if (!splash->frames) {
free(pBitmapBits); free(pBitmapBits);
free(pOldBitmapBits); free(pOldBitmapBits);
...@@ -254,7 +256,7 @@ SplashDecodeGif(Splash * splash, GifFileType * gif) ...@@ -254,7 +256,7 @@ SplashDecodeGif(Splash * splash, GifFileType * gif)
// now dispose of the previous frame correctly // now dispose of the previous frame correctly
splash->frames[imageIndex].bitmapBits = splash->frames[imageIndex].bitmapBits =
(rgbquad_t *) malloc(bufferSize); (rgbquad_t *) malloc(bufferSize); // bufferSize is safe (checked above)
if (!splash->frames[imageIndex].bitmapBits) { if (!splash->frames[imageIndex].bitmapBits) {
free(pBitmapBits); free(pBitmapBits);
free(pOldBitmapBits); free(pOldBitmapBits);
......
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
#include "jni_util.h" #include "jni_util.h"
#include "Region.h" #include "Region.h"
#include "sizecalc.h"
static jfieldID endIndexID; static jfieldID endIndexID;
static jfieldID bandsID; static jfieldID bandsID;
...@@ -260,8 +261,8 @@ RegionToYXBandedRectangles(JNIEnv *env, ...@@ -260,8 +261,8 @@ RegionToYXBandedRectangles(JNIEnv *env,
} }
Region_StartIteration(env, &clipInfo); Region_StartIteration(env, &clipInfo);
numrects = Region_CountIterationRects(&clipInfo); numrects = Region_CountIterationRects(&clipInfo);
if (numrects > initialBufferSize) { if ((unsigned long)numrects > initialBufferSize) {
*pRect = (RECT_T *) malloc(numrects * sizeof(RECT_T)); *pRect = (RECT_T *) SAFE_SIZE_ARRAY_ALLOC(malloc, numrects, sizeof(RECT_T));
if (*pRect == NULL) { if (*pRect == NULL) {
Region_EndIteration(env, &clipInfo); Region_EndIteration(env, &clipInfo);
JNU_ThrowOutOfMemoryError(env, JNU_ThrowOutOfMemoryError(env,
......
...@@ -39,6 +39,7 @@ ...@@ -39,6 +39,7 @@
#include <X11/extensions/XInput.h> #include <X11/extensions/XInput.h>
#include <X11/extensions/XI.h> #include <X11/extensions/XI.h>
#include <jni.h> #include <jni.h>
#include <sizecalc.h>
#include "robot_common.h" #include "robot_common.h"
#include "canvas.h" #include "canvas.h"
#include "wsutils.h" #include "wsutils.h"
...@@ -174,7 +175,7 @@ Java_sun_awt_X11_XRobotPeer_setup (JNIEnv * env, jclass cls, jint numberOfButton ...@@ -174,7 +175,7 @@ Java_sun_awt_X11_XRobotPeer_setup (JNIEnv * env, jclass cls, jint numberOfButton
num_buttons = numberOfButtons; num_buttons = numberOfButtons;
tmp = (*env)->GetIntArrayElements(env, buttonDownMasks, JNI_FALSE); tmp = (*env)->GetIntArrayElements(env, buttonDownMasks, JNI_FALSE);
masks = (jint *)malloc(sizeof(jint) * num_buttons); masks = (jint *)SAFE_SIZE_ARRAY_ALLOC(malloc, sizeof(jint), num_buttons);
if (masks == (jint *) NULL) { if (masks == (jint *) NULL) {
JNU_ThrowOutOfMemoryError((JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2), NULL); JNU_ThrowOutOfMemoryError((JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2), NULL);
(*env)->ReleaseIntArrayElements(env, buttonDownMasks, tmp, 0); (*env)->ReleaseIntArrayElements(env, buttonDownMasks, tmp, 0);
...@@ -231,8 +232,9 @@ Java_sun_awt_X11_XRobotPeer_getRGBPixelsImpl( JNIEnv *env, ...@@ -231,8 +232,9 @@ Java_sun_awt_X11_XRobotPeer_getRGBPixelsImpl( JNIEnv *env,
image = getWindowImage(awt_display, rootWindow, x, y, width, height); image = getWindowImage(awt_display, rootWindow, x, y, width, height);
/* Array to use to crunch around the pixel values */ /* Array to use to crunch around the pixel values */
ary = (jint *) malloc(width * height * sizeof (jint)); if (!IS_SAFE_SIZE_MUL(width, height) ||
if (ary == NULL) { !(ary = (jint *) SAFE_SIZE_ARRAY_ALLOC(malloc, width * height, sizeof (jint))))
{
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
XDestroyImage(image); XDestroyImage(image);
AWT_UNLOCK(); AWT_UNLOCK();
......
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
#include <dlfcn.h> #include <dlfcn.h>
#include <jni.h> #include <jni.h>
#include <sizecalc.h>
#include "sun_awt_UNIXToolkit.h" #include "sun_awt_UNIXToolkit.h"
#ifndef HEADLESS #ifndef HEADLESS
...@@ -148,7 +149,8 @@ Java_sun_awt_UNIXToolkit_load_1gtk_1icon(JNIEnv *env, jobject this, ...@@ -148,7 +149,8 @@ Java_sun_awt_UNIXToolkit_load_1gtk_1icon(JNIEnv *env, jobject this,
} }
len = (*env)->GetStringUTFLength(env, filename); len = (*env)->GetStringUTFLength(env, filename);
filename_str = (char *)malloc(sizeof(char) * (len + 1)); filename_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(char), len + 1);
if (filename_str == NULL) { if (filename_str == NULL) {
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
return JNI_FALSE; return JNI_FALSE;
...@@ -189,7 +191,8 @@ Java_sun_awt_UNIXToolkit_load_1stock_1icon(JNIEnv *env, jobject this, ...@@ -189,7 +191,8 @@ Java_sun_awt_UNIXToolkit_load_1stock_1icon(JNIEnv *env, jobject this,
} }
len = (*env)->GetStringUTFLength(env, stock_id); len = (*env)->GetStringUTFLength(env, stock_id);
stock_id_str = (char *)malloc(sizeof(char) * (len + 1)); stock_id_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(char), len + 1);
if (stock_id_str == NULL) { if (stock_id_str == NULL) {
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
return JNI_FALSE; return JNI_FALSE;
...@@ -200,7 +203,8 @@ Java_sun_awt_UNIXToolkit_load_1stock_1icon(JNIEnv *env, jobject this, ...@@ -200,7 +203,8 @@ Java_sun_awt_UNIXToolkit_load_1stock_1icon(JNIEnv *env, jobject this,
if (detail != NULL) if (detail != NULL)
{ {
len = (*env)->GetStringUTFLength(env, detail); len = (*env)->GetStringUTFLength(env, detail);
detail_str = (char *)malloc(sizeof(char) * (len + 1)); detail_str = (char *)SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(char), len + 1);
if (detail_str == NULL) { if (detail_str == NULL) {
JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError"); JNU_ThrowOutOfMemoryError(env, "OutOfMemoryError");
return JNI_FALSE; return JNI_FALSE;
......
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include <jni.h> #include <jni.h>
#include <jni_util.h> #include <jni_util.h>
#include <jvm_md.h> #include <jvm_md.h>
#include <sizecalc.h>
#ifndef HEADLESS #ifndef HEADLESS
#include <X11/Xlib.h> #include <X11/Xlib.h>
#include <awt.h> #include <awt.h>
...@@ -225,7 +226,7 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP ) ...@@ -225,7 +226,7 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP )
if ( fDirP->num == 0 ) return; if ( fDirP->num == 0 ) return;
appendDirList = malloc ( fDirP->num * sizeof ( int )); appendDirList = SAFE_SIZE_ARRAY_ALLOC(malloc, fDirP->num, sizeof ( int ));
if ( appendDirList == NULL ) { if ( appendDirList == NULL ) {
return; /* if it fails we cannot do much */ return; /* if it fails we cannot do much */
} }
...@@ -282,7 +283,7 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP ) ...@@ -282,7 +283,7 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP )
} }
newFontPath = malloc ( totalDirCount * sizeof ( char **) ); newFontPath = SAFE_SIZE_ARRAY_ALLOC(malloc, totalDirCount, sizeof ( char **) );
/* if it fails free things and get out */ /* if it fails free things and get out */
if ( newFontPath == NULL ) { if ( newFontPath == NULL ) {
free ( ( void *) appendDirList ); free ( ( void *) appendDirList );
...@@ -303,7 +304,12 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP ) ...@@ -303,7 +304,12 @@ static void AddFontsToX11FontPath ( fDirRecord *fDirP )
/* printf ( "Appending %s\n", fDirP->name[index] ); */ /* printf ( "Appending %s\n", fDirP->name[index] ); */
onePath = malloc ( ( strlen (fDirP->name[index]) + 2 )* sizeof( char ) ); onePath = SAFE_SIZE_ARRAY_ALLOC(malloc, strlen (fDirP->name[index]) + 2, sizeof( char ) );
if (onePath == NULL) {
free ( ( void *) appendDirList );
XFreeFontPath ( origFontPath );
return;
}
strcpy ( onePath, fDirP->name[index] ); strcpy ( onePath, fDirP->name[index] );
strcat ( onePath, "/" ); strcat ( onePath, "/" );
newFontPath[nPaths++] = onePath; newFontPath[nPaths++] = onePath;
......
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
#include "gtk2_interface.h" #include "gtk2_interface.h"
#include "java_awt_Transparency.h" #include "java_awt_Transparency.h"
#include "jvm_md.h" #include "jvm_md.h"
#include "sizecalc.h"
#define GTK2_LIB_VERSIONED VERSIONED_JNI_LIB_NAME("gtk-x11-2.0", "0") #define GTK2_LIB_VERSIONED VERSIONED_JNI_LIB_NAME("gtk-x11-2.0", "0")
#define GTK2_LIB JNI_LIB_NAME("gtk-x11-2.0") #define GTK2_LIB JNI_LIB_NAME("gtk-x11-2.0")
...@@ -765,7 +766,8 @@ gboolean gtk2_load() ...@@ -765,7 +766,8 @@ gboolean gtk2_load()
gtk_modules_env && strstr (gtk_modules_env, "gail")) gtk_modules_env && strstr (gtk_modules_env, "gail"))
{ {
/* the new env will be smaller than the old one */ /* the new env will be smaller than the old one */
gchar *s, *new_env = malloc (sizeof(ENV_PREFIX)+strlen (gtk_modules_env)); gchar *s, *new_env = SAFE_SIZE_STRUCT_ALLOC(malloc,
sizeof(ENV_PREFIX), 1, strlen (gtk_modules_env));
if (new_env != NULL ) if (new_env != NULL )
{ {
......
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include <locale.h> #include <locale.h>
#include <fcntl.h> #include <fcntl.h>
#include <poll.h> #include <poll.h>
#include <sizecalc.h>
static Bool shapeSupported; static Bool shapeSupported;
static int shapeEventBase, shapeErrorBase; static int shapeEventBase, shapeErrorBase;
...@@ -76,9 +77,12 @@ char* SplashConvertStringAlloc(const char* in, int* size) { ...@@ -76,9 +77,12 @@ char* SplashConvertStringAlloc(const char* in, int* size) {
goto done; goto done;
} }
inSize = strlen(in); inSize = strlen(in);
buf = SAFE_SIZE_ARRAY_ALLOC(malloc, inSize, 2);
if (!buf) {
return NULL;
}
bufSize = inSize*2; // need 2 bytes per char for UCS-2, this is bufSize = inSize*2; // need 2 bytes per char for UCS-2, this is
// 2 bytes per source byte max // 2 bytes per source byte max
buf = malloc(bufSize);
out = buf; outSize = bufSize; out = buf; outSize = bufSize;
/* linux iconv wants char** source and solaris wants const char**... /* linux iconv wants char** source and solaris wants const char**...
cast to void* */ cast to void* */
...@@ -114,12 +118,20 @@ SplashInitFrameShape(Splash * splash, int imageIndex) { ...@@ -114,12 +118,20 @@ SplashInitFrameShape(Splash * splash, int imageIndex) {
initRect(&maskRect, 0, 0, splash->width, splash->height, 1, initRect(&maskRect, 0, 0, splash->width, splash->height, 1,
splash->width * splash->imageFormat.depthBytes, splash->width * splash->imageFormat.depthBytes,
splash->frames[imageIndex].bitmapBits, &splash->imageFormat); splash->frames[imageIndex].bitmapBits, &splash->imageFormat);
rects = if (!IS_SAFE_SIZE_MUL(splash->width / 2 + 1, splash->height)) {
malloc(sizeof(XRectangle) * (splash->width / 2 + 1) * splash->height); return;
}
rects = SAFE_SIZE_ARRAY_ALLOC(malloc,
sizeof(XRectangle), (splash->width / 2 + 1) * splash->height);
if (!rects) {
return;
}
frame->numRects = BitmapToYXBandedRectangles(&maskRect, rects); frame->numRects = BitmapToYXBandedRectangles(&maskRect, rects);
frame->rects = malloc(frame->numRects * sizeof(XRectangle)); frame->rects = SAFE_SIZE_ARRAY_ALLOC(malloc, frame->numRects, sizeof(XRectangle));
memcpy(frame->rects, rects, frame->numRects * sizeof(XRectangle)); if (frame->rects) { // handle the error after the if(){}
memcpy(frame->rects, rects, frame->numRects * sizeof(XRectangle));
}
free(rects); free(rects);
} }
......
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
#include <jni.h> #include <jni.h>
#include <jni_util.h> #include <jni_util.h>
#include <jlong.h> #include <jlong.h>
#include <sizecalc.h>
#include <awt.h> #include <awt.h>
#include <jvm.h> #include <jvm.h>
...@@ -2225,6 +2226,10 @@ Java_sun_awt_X11_XlibWrapper_SetBitmapShape ...@@ -2225,6 +2226,10 @@ Java_sun_awt_X11_XlibWrapper_SetBitmapShape
RECT_T * pRect; RECT_T * pRect;
int numrects; int numrects;
if (!IS_SAFE_SIZE_MUL(width / 2 + 1, height)) {
return;
}
AWT_CHECK_HAVE_LOCK(); AWT_CHECK_HAVE_LOCK();
len = (*env)->GetArrayLength(env, bitmap); len = (*env)->GetArrayLength(env, bitmap);
...@@ -2237,7 +2242,10 @@ Java_sun_awt_X11_XlibWrapper_SetBitmapShape ...@@ -2237,7 +2242,10 @@ Java_sun_awt_X11_XlibWrapper_SetBitmapShape
return; return;
} }
pRect = (RECT_T *)malloc(worstBufferSize * sizeof(RECT_T)); pRect = (RECT_T *)SAFE_SIZE_ARRAY_ALLOC(malloc, worstBufferSize, sizeof(RECT_T));
if (!pRect) {
return;
}
/* Note: the values[0] and values[1] are supposed to contain the width /* Note: the values[0] and values[1] are supposed to contain the width
* and height (see XIconInfo.getIntData() for details). So, we do +2. * and height (see XIconInfo.getIntData() for details). So, we do +2.
......
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#include <windowsx.h> #include <windowsx.h>
#include <windows.h> #include <windows.h>
#include <winuser.h> #include <winuser.h>
#include "sizecalc.h"
#ifndef WS_EX_LAYERED #ifndef WS_EX_LAYERED
#define WS_EX_LAYERED 0x80000 #define WS_EX_LAYERED 0x80000
...@@ -67,7 +68,10 @@ char* SplashConvertStringAlloc(const char* in, int *size) { ...@@ -67,7 +68,10 @@ char* SplashConvertStringAlloc(const char* in, int *size) {
len = strlen(in); len = strlen(in);
outChars = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len, outChars = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len,
NULL, 0); NULL, 0);
buf = malloc(outChars*sizeof(WCHAR)); buf = (WCHAR*) SAFE_SIZE_ARRAY_ALLOC(malloc, outChars, sizeof(WCHAR));
if (!buf) {
return NULL;
}
rc = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len, rc = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len,
buf, outChars); buf, outChars);
if (rc==0) { if (rc==0) {
...@@ -98,8 +102,14 @@ SplashInitFrameShape(Splash * splash, int imageIndex) ...@@ -98,8 +102,14 @@ SplashInitFrameShape(Splash * splash, int imageIndex)
return; return;
/* reserving memory for the worst case */ /* reserving memory for the worst case */
pRgnData = (RGNDATA *) malloc(sizeof(RGNDATAHEADER) + if (!IS_SAFE_SIZE_MUL(splash->width / 2 + 1, splash->height)) {
sizeof(RECT) * (splash->width / 2 + 1) * splash->height); return;
}
pRgnData = (RGNDATA *) SAFE_SIZE_STRUCT_ALLOC(malloc, sizeof(RGNDATAHEADER),
sizeof(RECT), (splash->width / 2 + 1) * splash->height);
if (!pRgnData) {
return;
}
pRgnHdr = (RGNDATAHEADER *) pRgnData; pRgnHdr = (RGNDATAHEADER *) pRgnData;
initRect(&maskRect, 0, 0, splash->width, splash->height, 1, initRect(&maskRect, 0, 0, splash->width, splash->height, 1,
splash->width * splash->imageFormat.depthBytes, splash->width * splash->imageFormat.depthBytes,
...@@ -130,7 +140,6 @@ SplashPaint(Splash * splash, HDC hdc) ...@@ -130,7 +140,6 @@ SplashPaint(Splash * splash, HDC hdc)
{ {
unsigned numColors = splash->screenFormat.colorMap ? unsigned numColors = splash->screenFormat.colorMap ?
splash->screenFormat.numColors : 0; splash->screenFormat.numColors : 0;
unsigned bmiSize;
BITMAPV4HEADER *pBmi; BITMAPV4HEADER *pBmi;
HPALETTE hOldPal = NULL; HPALETTE hOldPal = NULL;
...@@ -138,8 +147,11 @@ SplashPaint(Splash * splash, HDC hdc) ...@@ -138,8 +147,11 @@ SplashPaint(Splash * splash, HDC hdc)
return; return;
if (splash->currentFrame < 0 || splash->currentFrame >= splash->frameCount) if (splash->currentFrame < 0 || splash->currentFrame >= splash->frameCount)
return; return;
bmiSize = sizeof(BITMAPV4HEADER) + sizeof(RGBQUAD) * numColors; pBmi = (BITMAPV4HEADER *) SAFE_SIZE_STRUCT_ALLOC(alloca, sizeof(BITMAPV4HEADER),
pBmi = (BITMAPV4HEADER *) alloca(bmiSize); sizeof(RGBQUAD), numColors);
if (!pBmi) {
return;
}
memset(pBmi, 0, sizeof(BITMAPV4HEADER)); memset(pBmi, 0, sizeof(BITMAPV4HEADER));
if (splash->screenFormat.colorMap) if (splash->screenFormat.colorMap)
memcpy(((BYTE *) pBmi) + sizeof(BITMAPV4HEADER), memcpy(((BYTE *) pBmi) + sizeof(BITMAPV4HEADER),
...@@ -163,8 +175,11 @@ SplashPaint(Splash * splash, HDC hdc) ...@@ -163,8 +175,11 @@ SplashPaint(Splash * splash, HDC hdc)
here on demand */ here on demand */
if (!splash->hPalette) { if (!splash->hPalette) {
unsigned i; unsigned i;
LOGPALETTE *pLogPal = LOGPALETTE *pLogPal = (LOGPALETTE *) SAFE_SIZE_STRUCT_ALLOC(malloc,
malloc(sizeof(LOGPALETTE) + sizeof(PALETTEENTRY) * numColors); sizeof(LOGPALETTE), sizeof(PALETTEENTRY), numColors);
if (!pLogPal) {
return;
}
pLogPal->palVersion = 0x300; pLogPal->palVersion = 0x300;
pLogPal->palNumEntries = (WORD) numColors; pLogPal->palNumEntries = (WORD) numColors;
......
...@@ -54,6 +54,7 @@ ...@@ -54,6 +54,7 @@
#include <jni.h> #include <jni.h>
#include <jni_util.h> #include <jni_util.h>
#include <jlong_md.h> #include <jlong_md.h>
#include <sizecalc.h>
#include <sun_font_FileFontStrike.h> #include <sun_font_FileFontStrike.h>
#include "fontscalerdefs.h" #include "fontscalerdefs.h"
...@@ -374,11 +375,11 @@ Java_sun_font_FileFontStrike__1getGlyphImageFromWindows ...@@ -374,11 +375,11 @@ Java_sun_font_FileFontStrike__1getGlyphImageFromWindows
bmi.bmiHeader.biBitCount = 24; bmi.bmiHeader.biBitCount = 24;
bmi.bmiHeader.biCompression = BI_RGB; bmi.bmiHeader.biCompression = BI_RGB;
dibImageSize = dibBytesWidth*height; dibImage = SAFE_SIZE_ARRAY_ALLOC(malloc, dibBytesWidth, height);
dibImage = malloc(dibImageSize);
if (dibImage == NULL) { if (dibImage == NULL) {
FREE_AND_RETURN; FREE_AND_RETURN;
} }
dibImageSize = dibBytesWidth*height;
memset(dibImage, 0, dibImageSize); memset(dibImage, 0, dibImageSize);
err = GetDIBits(hMemoryDC, hBitmap, 0, height, dibImage, err = GetDIBits(hMemoryDC, hBitmap, 0, height, dibImage,
...@@ -407,11 +408,12 @@ Java_sun_font_FileFontStrike__1getGlyphImageFromWindows ...@@ -407,11 +408,12 @@ Java_sun_font_FileFontStrike__1getGlyphImageFromWindows
* that extra "1" was added as padding, so the sub-pixel positioning of * that extra "1" was added as padding, so the sub-pixel positioning of
* fractional metrics could index into it. * fractional metrics could index into it.
*/ */
imageSize = bytesWidth*height; glyphInfo = (GlyphInfo*)SAFE_SIZE_STRUCT_ALLOC(malloc, sizeof(GlyphInfo),
glyphInfo = (GlyphInfo*)malloc(sizeof(GlyphInfo)+imageSize); bytesWidth, height);
if (glyphInfo == NULL) { if (glyphInfo == NULL) {
FREE_AND_RETURN; FREE_AND_RETURN;
} }
imageSize = bytesWidth*height;
glyphInfo->cellInfo = NULL; glyphInfo->cellInfo = NULL;
glyphInfo->rowBytes = bytesWidth; glyphInfo->rowBytes = bytesWidth;
glyphInfo->width = width; glyphInfo->width = width;
......
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
#include "jni.h" #include "jni.h"
#include "jlong.h" #include "jlong.h"
#include "jni_util.h" #include "jni_util.h"
#include "sizecalc.h"
#include "OGLRenderQueue.h" #include "OGLRenderQueue.h"
#include "WGLGraphicsConfig.h" #include "WGLGraphicsConfig.h"
#include "WGLSurfaceData.h" #include "WGLSurfaceData.h"
...@@ -603,7 +604,7 @@ JNIEXPORT jboolean JNICALL ...@@ -603,7 +604,7 @@ JNIEXPORT jboolean JNICALL
height = h; height = h;
srcx = srcy = dstx = dsty = 0; srcx = srcy = dstx = dsty = 0;
pDst = malloc(height * scanStride); pDst = SAFE_SIZE_ARRAY_ALLOC(malloc, height, scanStride);
if (pDst == NULL) { if (pDst == NULL) {
return JNI_FALSE; return JNI_FALSE;
} }
......
...@@ -166,6 +166,7 @@ Java_sun_java2d_windows_GDIBlitLoops_nativeBlit ...@@ -166,6 +166,7 @@ Java_sun_java2d_windows_GDIBlitLoops_nativeBlit
// when using ByteGray surfaces. Eventually, we should use // when using ByteGray surfaces. Eventually, we should use
// the new Disposer mechanism to delete this native memory. // the new Disposer mechanism to delete this native memory.
if (byteGrayPalette == NULL) { if (byteGrayPalette == NULL) {
// assert (256 * sizeof(RGBQUAD)) <= SIZE_MAX
byteGrayPalette = (RGBQUAD *)safe_Malloc(256 * sizeof(RGBQUAD)); byteGrayPalette = (RGBQUAD *)safe_Malloc(256 * sizeof(RGBQUAD));
for (int i = 0; i < 256; ++i) { for (int i = 0; i < 256; ++i) {
byteGrayPalette[i].rgbRed = i; byteGrayPalette[i].rgbRed = i;
......
...@@ -84,7 +84,7 @@ static POINT *TransformPoly(jint *xpoints, jint *ypoints, ...@@ -84,7 +84,7 @@ static POINT *TransformPoly(jint *xpoints, jint *ypoints,
*pNpoints = outpoints; *pNpoints = outpoints;
} }
if (outpoints > POLYTEMPSIZE) { if (outpoints > POLYTEMPSIZE) {
pPoints = (POINT *) safe_Malloc(sizeof(POINT) * outpoints); pPoints = (POINT *) SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(POINT), outpoints);
} }
BOOL isempty = fixend; BOOL isempty = fixend;
for (int i = 0; i < npoints; i++) { for (int i = 0; i < npoints; i++) {
......
...@@ -1056,8 +1056,9 @@ GDIWinSD_InitDC(JNIEnv *env, GDIWinSDOps *wsdo, ThreadGraphicsInfo *info, ...@@ -1056,8 +1056,9 @@ GDIWinSD_InitDC(JNIEnv *env, GDIWinSDOps *wsdo, ThreadGraphicsInfo *info,
int topInset = wsdo->insets.top; int topInset = wsdo->insets.top;
Region_StartIteration(env, &clipInfo); Region_StartIteration(env, &clipInfo);
jint numrects = Region_CountIterationRects(&clipInfo); jint numrects = Region_CountIterationRects(&clipInfo);
DWORD nCount = sizeof(RGNDATAHEADER) + numrects * sizeof(RECT); RGNDATA *lpRgnData = (RGNDATA *) SAFE_SIZE_STRUCT_ALLOC(safe_Malloc,
RGNDATA *lpRgnData = (RGNDATA *) safe_Malloc(nCount); sizeof(RGNDATAHEADER), numrects, sizeof(RECT));
const DWORD nCount = sizeof(RGNDATAHEADER) + numrects * sizeof(RECT);
lpRgnData->rdh.dwSize = sizeof(RGNDATAHEADER); lpRgnData->rdh.dwSize = sizeof(RGNDATAHEADER);
lpRgnData->rdh.iType = RDH_RECTANGLES; lpRgnData->rdh.iType = RDH_RECTANGLES;
lpRgnData->rdh.nCount = numrects; lpRgnData->rdh.nCount = numrects;
......
...@@ -39,7 +39,7 @@ AwtCmdIDList::AwtCmdIDList() ...@@ -39,7 +39,7 @@ AwtCmdIDList::AwtCmdIDList()
{ {
m_capacity = ARRAY_INITIAL_SIZE; m_capacity = ARRAY_INITIAL_SIZE;
m_first_free = -1; m_first_free = -1;
m_array = (CmdIDEntry *)safe_Malloc(m_capacity * sizeof(AwtObject*)); m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, m_capacity, sizeof(AwtObject*));
BuildFreeList(0); BuildFreeList(0);
} }
...@@ -80,8 +80,8 @@ UINT AwtCmdIDList::Add(AwtObject* obj) ...@@ -80,8 +80,8 @@ UINT AwtCmdIDList::Add(AwtObject* obj)
m_capacity += ARRAY_SIZE_INCREMENT; m_capacity += ARRAY_SIZE_INCREMENT;
if (m_capacity > ARRAY_MAXIMUM_SIZE) if (m_capacity > ARRAY_MAXIMUM_SIZE)
m_capacity = ARRAY_MAXIMUM_SIZE; m_capacity = ARRAY_MAXIMUM_SIZE;
m_array = (CmdIDEntry *)safe_Realloc(m_array, m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_array,
m_capacity * sizeof(CmdIDEntry*)); m_capacity, sizeof(CmdIDEntry*));
BuildFreeList(old_capacity); BuildFreeList(old_capacity);
} }
} }
......
...@@ -171,8 +171,8 @@ Devices::Devices(int numDevices) ...@@ -171,8 +171,8 @@ Devices::Devices(int numDevices)
J2dTraceLn1(J2D_TRACE_INFO, "Devices::Devices numDevices=%d", numDevices); J2dTraceLn1(J2D_TRACE_INFO, "Devices::Devices numDevices=%d", numDevices);
this->numDevices = numDevices; this->numDevices = numDevices;
this->refCount = 0; this->refCount = 0;
devices = (AwtWin32GraphicsDevice**)safe_Malloc devices = (AwtWin32GraphicsDevice**)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc,
(numDevices * sizeof(AwtWin32GraphicsDevice *)); numDevices, sizeof(AwtWin32GraphicsDevice *));
} }
/** /**
...@@ -188,7 +188,8 @@ BOOL Devices::UpdateInstance(JNIEnv *env) ...@@ -188,7 +188,8 @@ BOOL Devices::UpdateInstance(JNIEnv *env)
J2dTraceLn(J2D_TRACE_INFO, "Devices::UpdateInstance"); J2dTraceLn(J2D_TRACE_INFO, "Devices::UpdateInstance");
int numScreens = CountMonitors(); int numScreens = CountMonitors();
HMONITOR *monHds = (HMONITOR *)safe_Malloc(numScreens * sizeof(HMONITOR)); HMONITOR *monHds = (HMONITOR *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc,
numScreens, sizeof(HMONITOR));
if (numScreens != CollectMonitors(monHds, numScreens)) { if (numScreens != CollectMonitors(monHds, numScreens)) {
J2dRlsTraceLn(J2D_TRACE_ERROR, J2dRlsTraceLn(J2D_TRACE_ERROR,
"Devices::UpdateInstance: Failed to get all "\ "Devices::UpdateInstance: Failed to get all "\
......
...@@ -393,6 +393,9 @@ JNIEXPORT jlong JNICALL Java_sun_awt_shell_Win32ShellFolder2_copyFirstPIDLEntry ...@@ -393,6 +393,9 @@ JNIEXPORT jlong JNICALL Java_sun_awt_shell_Win32ShellFolder2_copyFirstPIDLEntry
if (cb == 0) if (cb == 0)
return 0; return 0;
if (!IS_SAFE_SIZE_ADD(cb, sizeof(SHITEMID))) {
return 0;
}
// Allocate space for this as well as null-terminating entry. // Allocate space for this as well as null-terminating entry.
LPITEMIDLIST newPIDL = (LPITEMIDLIST)pMalloc->Alloc(cb + sizeof(SHITEMID)); LPITEMIDLIST newPIDL = (LPITEMIDLIST)pMalloc->Alloc(cb + sizeof(SHITEMID));
...@@ -433,6 +436,9 @@ JNIEXPORT jlong JNICALL Java_sun_awt_shell_Win32ShellFolder2_combinePIDLs ...@@ -433,6 +436,9 @@ JNIEXPORT jlong JNICALL Java_sun_awt_shell_Win32ShellFolder2_combinePIDLs
int len1 = pidlLength(parentPIDL); int len1 = pidlLength(parentPIDL);
int len2 = pidlLength(relativePIDL); int len2 = pidlLength(relativePIDL);
if (!IS_SAFE_SIZE_ADD(len1, len2) || !IS_SAFE_SIZE_ADD(len1 + len2, sizeof(SHITEMID))) {
return 0;
}
LPITEMIDLIST newPIDL = (LPITEMIDLIST)pMalloc->Alloc(len1 + len2 + sizeof(SHITEMID)); LPITEMIDLIST newPIDL = (LPITEMIDLIST)pMalloc->Alloc(len1 + len2 + sizeof(SHITEMID));
memcpy(newPIDL, parentPIDL, len1); memcpy(newPIDL, parentPIDL, len1);
memcpy(((LPBYTE) newPIDL) + len1, relativePIDL, len2); memcpy(((LPBYTE) newPIDL) + len1, relativePIDL, len2);
......
...@@ -810,7 +810,7 @@ Java_sun_print_Win32PrintService_getDefaultSettings(JNIEnv *env, ...@@ -810,7 +810,7 @@ Java_sun_print_Win32PrintService_getDefaultSettings(JNIEnv *env,
int numSizes = ::DeviceCapabilities(printerName, printerPort, int numSizes = ::DeviceCapabilities(printerName, printerPort,
DC_PAPERS, NULL, NULL); DC_PAPERS, NULL, NULL);
if (numSizes > 0) { if (numSizes > 0) {
LPTSTR papers = (LPTSTR)safe_Malloc(numSizes * sizeof(WORD)); LPTSTR papers = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, numSizes, sizeof(WORD));
if (papers != NULL && if (papers != NULL &&
::DeviceCapabilities(printerName, printerPort, ::DeviceCapabilities(printerName, printerPort,
DC_PAPERS, papers, NULL) != -1) { DC_PAPERS, papers, NULL) != -1) {
......
...@@ -40,6 +40,9 @@ namespace std { ...@@ -40,6 +40,9 @@ namespace std {
class bad_alloc {}; class bad_alloc {};
} }
#define SIZECALC_ALLOC_THROWING_BAD_ALLOC
#include "sizecalc.h"
class awt_toolkit_shutdown {}; class awt_toolkit_shutdown {};
// Disable "C++ Exception Specification ignored" warnings. // Disable "C++ Exception Specification ignored" warnings.
......
...@@ -326,7 +326,7 @@ public: ...@@ -326,7 +326,7 @@ public:
m_dwSize = cbTCharCount; m_dwSize = cbTCharCount;
m_pStr = (0 == m_dwSize) m_pStr = (0 == m_dwSize)
? NULL ? NULL
: (LPWSTR)safe_Malloc( (m_dwSize+1)*sizeof(WCHAR) ); : (LPWSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, (m_dwSize+1), sizeof(WCHAR) );
} }
JavaStringBuffer(JNIEnv *env, jstring text) { JavaStringBuffer(JNIEnv *env, jstring text) {
...@@ -336,7 +336,7 @@ public: ...@@ -336,7 +336,7 @@ public:
if (0 == m_dwSize) { if (0 == m_dwSize) {
m_pStr = NULL; m_pStr = NULL;
} else { } else {
m_pStr = (LPWSTR)safe_Malloc( (m_dwSize+1)*sizeof(WCHAR) ); m_pStr = (LPWSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, (m_dwSize+1), sizeof(WCHAR) );
env->GetStringRegion(text, 0, m_dwSize, reinterpret_cast<jchar *>(m_pStr)); env->GetStringRegion(text, 0, m_dwSize, reinterpret_cast<jchar *>(m_pStr));
m_pStr[m_dwSize] = 0; m_pStr[m_dwSize] = 0;
} }
...@@ -353,7 +353,7 @@ public: ...@@ -353,7 +353,7 @@ public:
//The function is used only for space reservation in staff buffer for //The function is used only for space reservation in staff buffer for
//followed data copying process. And that is the reason why we ignore //followed data copying process. And that is the reason why we ignore
//the special case m_dwSize==0 here. //the special case m_dwSize==0 here.
m_pStr = (LPWSTR)safe_Realloc(m_pStr, (m_dwSize+1)*sizeof(WCHAR) ); m_pStr = (LPWSTR)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_pStr, m_dwSize+1, sizeof(WCHAR) );
} }
//we are in UNICODE now, so LPWSTR:=:LPTSTR //we are in UNICODE now, so LPWSTR:=:LPTSTR
operator LPWSTR() { return getNonEmptyString(); } operator LPWSTR() { return getNonEmptyString(); }
......
...@@ -39,13 +39,13 @@ ...@@ -39,13 +39,13 @@
HBITMAP BitmapUtil::CreateTransparencyMaskFromARGB(int width, int height, int* imageData) HBITMAP BitmapUtil::CreateTransparencyMaskFromARGB(int width, int height, int* imageData)
{ {
//Scan lines should be aligned to word boundary //Scan lines should be aligned to word boundary
int bufLength = ((width + 15) / 16 * 2) * height;//buf length (bytes) if (!IS_SAFE_SIZE_ADD(width, 15)) return NULL;
char* buf = SAFE_SIZE_NEW_ARRAY2(char, (width + 15) / 16 * 2, height);
if (buf == NULL) return NULL;
int* srcPos = imageData; int* srcPos = imageData;
char* buf = new char[bufLength];
char* bufPos = buf; char* bufPos = buf;
int tmp = 0; int tmp = 0;
int cbit = 0x80; int cbit = 0x80;
if (buf == NULL) return NULL;
for (int i = 0; i < height; i++) { for (int i = 0; i < height; i++) {
for (int j = 0; j < width; j++) { for (int j = 0; j < width; j++) {
//cbit is shifted right for every pixel //cbit is shifted right for every pixel
...@@ -251,8 +251,12 @@ HRGN BitmapUtil::BitmapToRgn(HBITMAP hBitmap) ...@@ -251,8 +251,12 @@ HRGN BitmapUtil::BitmapToRgn(HBITMAP hBitmap)
reinterpret_cast<BITMAPINFO*>(&bi), DIB_RGB_COLORS); reinterpret_cast<BITMAPINFO*>(&bi), DIB_RGB_COLORS);
/* reserving memory for the worst case */ /* reserving memory for the worst case */
RGNDATA * pRgnData = (RGNDATA *) safe_Malloc(sizeof(RGNDATAHEADER) + if (!IS_SAFE_SIZE_MUL(width / 2 + 1, height)) {
sizeof(RECT) * (width / 2 + 1) * height); throw std::bad_alloc();
}
RGNDATA * pRgnData = (RGNDATA *) SAFE_SIZE_STRUCT_ALLOC(safe_Malloc,
sizeof(RGNDATAHEADER),
sizeof(RECT), (width / 2 + 1) * height);
RGNDATAHEADER * pRgnHdr = (RGNDATAHEADER *) pRgnData; RGNDATAHEADER * pRgnHdr = (RGNDATAHEADER *) pRgnData;
pRgnHdr->dwSize = sizeof(RGNDATAHEADER); pRgnHdr->dwSize = sizeof(RGNDATAHEADER);
pRgnHdr->iType = RDH_RECTANGLES; pRgnHdr->iType = RDH_RECTANGLES;
......
...@@ -2186,12 +2186,12 @@ void AwtComponent::PaintUpdateRgn(const RECT *insets) ...@@ -2186,12 +2186,12 @@ void AwtComponent::PaintUpdateRgn(const RECT *insets)
if (insets != NULL) { if (insets != NULL) {
::OffsetRgn(rgn, insets->left, insets->top); ::OffsetRgn(rgn, insets->left, insets->top);
} }
int size = ::GetRegionData(rgn, 0, NULL); DWORD size = ::GetRegionData(rgn, 0, NULL);
if (size == 0) { if (size == 0) {
::DeleteObject((HGDIOBJ)rgn); ::DeleteObject((HGDIOBJ)rgn);
return; return;
} }
char* buffer = new char[size]; char* buffer = new char[size]; // safe because sizeof(char)==1
memset(buffer, 0, size); memset(buffer, 0, size);
LPRGNDATA rgndata = (LPRGNDATA)buffer; LPRGNDATA rgndata = (LPRGNDATA)buffer;
rgndata->rdh.dwSize = sizeof(RGNDATAHEADER); rgndata->rdh.dwSize = sizeof(RGNDATAHEADER);
...@@ -6134,18 +6134,30 @@ void AwtComponent::_SetRectangularShape(void *param) ...@@ -6134,18 +6134,30 @@ void AwtComponent::_SetRectangularShape(void *param)
c = (AwtComponent *)pData; c = (AwtComponent *)pData;
if (::IsWindow(c->GetHWnd())) { if (::IsWindow(c->GetHWnd())) {
HRGN hRgn = NULL; HRGN hRgn = NULL;
// If all the params are zeros, the shape must be simply reset.
// Otherwise, convert it into a region.
if (region || x1 || x2 || y1 || y2) { if (region || x1 || x2 || y1 || y2) {
// If all the params are zeros, the shape must be simply reset. RECT_T rects[256];
// Otherwise, convert it into a region. RECT_T *pRect = rects;
RGNDATA *pRgnData = NULL;
RGNDATAHEADER *pRgnHdr; const int numrects = RegionToYXBandedRectangles(env, x1, y1, x2, y2,
region, &pRect, sizeof(rects)/sizeof(rects[0]));
if (!pRect) {
// RegionToYXBandedRectangles doesn't use safe_Malloc(),
// so throw the exception explicitly
throw std::bad_alloc();
}
/* reserving memory for the worst case */ RGNDATA *pRgnData = (RGNDATA *) SAFE_SIZE_STRUCT_ALLOC(safe_Malloc,
size_t worstBufferSize = size_t(((x2 - x1) / 2 + 1) * (y2 - y1)); sizeof(RGNDATAHEADER), sizeof(RECT_T), numrects);
pRgnData = (RGNDATA *) safe_Malloc(sizeof(RGNDATAHEADER) + memcpy(pRgnData + sizeof(RGNDATAHEADER), pRect, sizeof(RECT_T) * numrects);
sizeof(RECT_T) * worstBufferSize); if (pRect != rects) {
pRgnHdr = (RGNDATAHEADER *) pRgnData; free(pRect);
}
pRect = NULL;
RGNDATAHEADER *pRgnHdr = (RGNDATAHEADER *) pRgnData;
pRgnHdr->dwSize = sizeof(RGNDATAHEADER); pRgnHdr->dwSize = sizeof(RGNDATAHEADER);
pRgnHdr->iType = RDH_RECTANGLES; pRgnHdr->iType = RDH_RECTANGLES;
pRgnHdr->nRgnSize = 0; pRgnHdr->nRgnSize = 0;
...@@ -6153,9 +6165,7 @@ void AwtComponent::_SetRectangularShape(void *param) ...@@ -6153,9 +6165,7 @@ void AwtComponent::_SetRectangularShape(void *param)
pRgnHdr->rcBound.left = 0; pRgnHdr->rcBound.left = 0;
pRgnHdr->rcBound.bottom = LONG(y2 - y1); pRgnHdr->rcBound.bottom = LONG(y2 - y1);
pRgnHdr->rcBound.right = LONG(x2 - x1); pRgnHdr->rcBound.right = LONG(x2 - x1);
pRgnHdr->nCount = numrects;
RECT_T * pRect = (RECT_T *) (((BYTE *) pRgnData) + sizeof(RGNDATAHEADER));
pRgnHdr->nCount = RegionToYXBandedRectangles(env, x1, y1, x2, y2, region, &pRect, worstBufferSize);
hRgn = ::ExtCreateRegion(NULL, hRgn = ::ExtCreateRegion(NULL,
sizeof(RGNDATAHEADER) + sizeof(RECT_T) * pRgnHdr->nCount, pRgnData); sizeof(RGNDATAHEADER) + sizeof(RECT_T) * pRgnHdr->nCount, pRgnData);
...@@ -6297,7 +6307,7 @@ Java_java_awt_Component_initIDs(JNIEnv *env, jclass cls) ...@@ -6297,7 +6307,7 @@ Java_java_awt_Component_initIDs(JNIEnv *env, jclass cls)
jint * tmp = env->GetIntArrayElements(obj, JNI_FALSE); jint * tmp = env->GetIntArrayElements(obj, JNI_FALSE);
jsize len = env->GetArrayLength(obj); jsize len = env->GetArrayLength(obj);
AwtComponent::masks = new jint[len]; AwtComponent::masks = SAFE_SIZE_NEW_ARRAY(jint, len);
for (int i = 0; i < len; i++) { for (int i = 0; i < len; i++) {
AwtComponent::masks[i] = tmp[i]; AwtComponent::masks[i] = tmp[i];
} }
...@@ -7184,4 +7194,5 @@ void ReleaseDCList(HWND hwnd, DCList &list) { ...@@ -7184,4 +7194,5 @@ void ReleaseDCList(HWND hwnd, DCList &list) {
removedDCs = removedDCs->next; removedDCs = removedDCs->next;
delete tmpDCList; delete tmpDCList;
} }
} }
\ No newline at end of file
...@@ -345,14 +345,14 @@ Java_sun_awt_windows_WCustomCursor_createCursorIndirect( ...@@ -345,14 +345,14 @@ Java_sun_awt_windows_WCustomCursor_createCursorIndirect(
return; return;
} }
int length = env->GetArrayLength(andMask); jsize length = env->GetArrayLength(andMask);
jbyte *andMaskPtr = new jbyte[length]; jbyte *andMaskPtr = new jbyte[length]; // safe because sizeof(jbyte)==1
env->GetByteArrayRegion(andMask, 0, length, andMaskPtr); env->GetByteArrayRegion(andMask, 0, length, andMaskPtr);
HBITMAP hMask = ::CreateBitmap(nW, nH, 1, 1, (BYTE *)andMaskPtr); HBITMAP hMask = ::CreateBitmap(nW, nH, 1, 1, (BYTE *)andMaskPtr);
::GdiFlush(); ::GdiFlush();
int *cols = new int[nW*nH]; int *cols = SAFE_SIZE_NEW_ARRAY2(int, nW, nH);
jint *intRasterDataPtr = NULL; jint *intRasterDataPtr = NULL;
HBITMAP hColor = NULL; HBITMAP hColor = NULL;
......
...@@ -281,13 +281,13 @@ Java_sun_awt_windows_WDataTransferer_dragQueryFile ...@@ -281,13 +281,13 @@ Java_sun_awt_windows_WDataTransferer_dragQueryFile
} }
UINT bufsize = 512; // in characters, not in bytes UINT bufsize = 512; // in characters, not in bytes
buffer = (LPTSTR)safe_Malloc(bufsize*sizeof(TCHAR)); buffer = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, bufsize, sizeof(TCHAR));
for (UINT i = 0; i < nFilenames; i++) { for (UINT i = 0; i < nFilenames; i++) {
UINT size = ::DragQueryFile(hdrop, i, NULL, 0); UINT size = ::DragQueryFile(hdrop, i, NULL, 0);
if (size > bufsize) { if (size > bufsize) {
bufsize = size; bufsize = size;
buffer = (LPTSTR)safe_Realloc(buffer, bufsize*sizeof(TCHAR)); buffer = (LPTSTR)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, buffer, bufsize, sizeof(TCHAR));
} }
::DragQueryFile(hdrop, i, buffer, bufsize); ::DragQueryFile(hdrop, i, buffer, bufsize);
...@@ -359,7 +359,7 @@ Java_sun_awt_windows_WDataTransferer_platformImageBytesToImageData( ...@@ -359,7 +359,7 @@ Java_sun_awt_windows_WDataTransferer_platformImageBytesToImageData(
return NULL; return NULL;
} }
jbyte* bBytes = (jbyte*)safe_Malloc(size * sizeof(jbyte)); jbyte* bBytes = (jbyte*)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, size, sizeof(jbyte));
try { try {
...@@ -771,9 +771,9 @@ Java_sun_awt_windows_WDataTransferer_imageDataToPlatformImageBytes(JNIEnv *env, ...@@ -771,9 +771,9 @@ Java_sun_awt_windows_WDataTransferer_imageDataToPlatformImageBytes(JNIEnv *env,
} else { } else {
LPBYTE lpbMfBuffer = NULL; LPBYTE lpbMfBuffer = NULL;
try { try {
UINT uMfSizeWithHead = uMfSize + sizeof(METAFILEPICT); lpbMfBuffer = (LPBYTE)SAFE_SIZE_STRUCT_ALLOC(safe_Malloc,
sizeof(METAFILEPICT), uMfSize, 1);
lpbMfBuffer = (LPBYTE)safe_Malloc(uMfSizeWithHead); const UINT uMfSizeWithHead = uMfSize + sizeof(METAFILEPICT);
VERIFY(::GetMetaFileBitsEx(hmf, uMfSize, VERIFY(::GetMetaFileBitsEx(hmf, uMfSize,
lpbMfBuffer + sizeof(METAFILEPICT)) == uMfSize); lpbMfBuffer + sizeof(METAFILEPICT)) == uMfSize);
bytes = env->NewByteArray(uMfSizeWithHead); bytes = env->NewByteArray(uMfSizeWithHead);
......
...@@ -171,7 +171,7 @@ static LPTSTR getWindowsPropFromReg(LPTSTR subKey, LPTSTR valueName, DWORD *valu ...@@ -171,7 +171,7 @@ static LPTSTR getWindowsPropFromReg(LPTSTR subKey, LPTSTR valueName, DWORD *valu
if (*valueType == REG_EXPAND_SZ) { if (*valueType == REG_EXPAND_SZ) {
// Pending: buffer must be null-terminated at this point // Pending: buffer must be null-terminated at this point
valueChar = ExpandEnvironmentStrings(buffer, NULL, 0); valueChar = ExpandEnvironmentStrings(buffer, NULL, 0);
LPTSTR buffer2 = (LPTSTR)safe_Malloc(valueChar*sizeof(TCHAR)); LPTSTR buffer2 = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, valueChar, sizeof(TCHAR));
ExpandEnvironmentStrings(buffer, buffer2, valueChar); ExpandEnvironmentStrings(buffer, buffer2, valueChar);
free(buffer); free(buffer);
return buffer2; return buffer2;
...@@ -588,11 +588,11 @@ void AwtDesktopProperties::GetOtherParameters() { ...@@ -588,11 +588,11 @@ void AwtDesktopProperties::GetOtherParameters() {
} }
LPTSTR valueName = TEXT("PlaceN"); LPTSTR valueName = TEXT("PlaceN");
LPTSTR valueNameBuf = (LPTSTR)safe_Malloc((lstrlen(valueName) + 1) * sizeof(TCHAR)); LPTSTR valueNameBuf = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, (lstrlen(valueName) + 1), sizeof(TCHAR));
lstrcpy(valueNameBuf, valueName); lstrcpy(valueNameBuf, valueName);
LPTSTR propKey = TEXT("win.comdlg.placesBarPlaceN"); LPTSTR propKey = TEXT("win.comdlg.placesBarPlaceN");
LPTSTR propKeyBuf = (LPTSTR)safe_Malloc((lstrlen(propKey) + 1) * sizeof(TCHAR)); LPTSTR propKeyBuf = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, (lstrlen(propKey) + 1), sizeof(TCHAR));
lstrcpy(propKeyBuf, propKey); lstrcpy(propKeyBuf, propKey);
int i = 0; int i = 0;
......
...@@ -1037,8 +1037,8 @@ void AwtDropTarget::LoadCache(IDataObject* pDataObj) { ...@@ -1037,8 +1037,8 @@ void AwtDropTarget::LoadCache(IDataObject* pDataObj) {
if (m_dataObject->QueryGetData(&tmp) != S_OK) continue; if (m_dataObject->QueryGetData(&tmp) != S_OK) continue;
if (m_nformats % CACHE_INCR == 0) { if (m_nformats % CACHE_INCR == 0) {
m_formats = (FORMATETC *)safe_Realloc(m_formats, m_formats = (FORMATETC *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_formats,
(CACHE_INCR + m_nformats) * CACHE_INCR + m_nformats,
sizeof(FORMATETC)); sizeof(FORMATETC));
} }
......
...@@ -333,7 +333,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_windows_WInputMethod_setNativeLocale ...@@ -333,7 +333,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_windows_WInputMethod_setNativeLocale
// list which is returned by GetKeyboardLayoutList ensures to match first when // list which is returned by GetKeyboardLayoutList ensures to match first when
// looking up suitable layout. // looking up suitable layout.
int layoutCount = ::GetKeyboardLayoutList(0, NULL) + 1; // +1 for user's preferred HKL int layoutCount = ::GetKeyboardLayoutList(0, NULL) + 1; // +1 for user's preferred HKL
HKL FAR * hKLList = (HKL FAR *)safe_Malloc(sizeof(HKL)*layoutCount); HKL FAR * hKLList = (HKL FAR *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(HKL), layoutCount);
DASSERT(!safe_ExceptionOccurred(env)); DASSERT(!safe_ExceptionOccurred(env));
::GetKeyboardLayoutList(layoutCount - 1, &(hKLList[1])); ::GetKeyboardLayoutList(layoutCount - 1, &(hKLList[1]));
hKLList[0] = getDefaultKeyboardLayout(); // put user's preferred layout on top of the list hKLList[0] = getDefaultKeyboardLayout(); // put user's preferred layout on top of the list
...@@ -444,7 +444,7 @@ JNIEXPORT jobjectArray JNICALL Java_sun_awt_windows_WInputMethodDescriptor_getNa ...@@ -444,7 +444,7 @@ JNIEXPORT jobjectArray JNICALL Java_sun_awt_windows_WInputMethodDescriptor_getNa
// get list of available HKLs // get list of available HKLs
int layoutCount = ::GetKeyboardLayoutList(0, NULL); int layoutCount = ::GetKeyboardLayoutList(0, NULL);
HKL FAR * hKLList = (HKL FAR *)safe_Malloc(sizeof(HKL)*layoutCount); HKL FAR * hKLList = (HKL FAR *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(HKL), layoutCount);
DASSERT(!safe_ExceptionOccurred(env)); DASSERT(!safe_ExceptionOccurred(env));
::GetKeyboardLayoutList(layoutCount, hKLList); ::GetKeyboardLayoutList(layoutCount, hKLList);
...@@ -453,7 +453,7 @@ JNIEXPORT jobjectArray JNICALL Java_sun_awt_windows_WInputMethodDescriptor_getNa ...@@ -453,7 +453,7 @@ JNIEXPORT jobjectArray JNICALL Java_sun_awt_windows_WInputMethodDescriptor_getNa
int destIndex = 0; int destIndex = 0;
int javaLocaleNameCount = 0; int javaLocaleNameCount = 0;
int current = 0; int current = 0;
const char ** javaLocaleNames = (const char **)safe_Malloc(sizeof(char *)*layoutCount); const char ** javaLocaleNames = (const char **)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(char *), layoutCount);
DASSERT(!safe_ExceptionOccurred(env)); DASSERT(!safe_ExceptionOccurred(env));
for (; srcIndex < layoutCount; srcIndex++) { for (; srcIndex < layoutCount; srcIndex++) {
const char * srcLocaleName = getJavaIDFromLangID(LOWORD(hKLList[srcIndex])); const char * srcLocaleName = getJavaIDFromLangID(LOWORD(hKLList[srcIndex]));
...@@ -517,7 +517,7 @@ JNIEXPORT jstring JNICALL Java_sun_awt_windows_WInputMethod_getNativeIMMDescript ...@@ -517,7 +517,7 @@ JNIEXPORT jstring JNICALL Java_sun_awt_windows_WInputMethod_getNativeIMMDescript
jstring infojStr = NULL; jstring infojStr = NULL;
if ((buffSize = ::ImmGetDescription(hkl, szImmDescription, 0)) > 0) { if ((buffSize = ::ImmGetDescription(hkl, szImmDescription, 0)) > 0) {
szImmDescription = (LPTSTR) safe_Malloc((buffSize+1) * sizeof(TCHAR)); szImmDescription = (LPTSTR) SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, (buffSize+1), sizeof(TCHAR));
if (szImmDescription != NULL) { if (szImmDescription != NULL) {
ImmGetDescription(hkl, szImmDescription, (buffSize+1)); ImmGetDescription(hkl, szImmDescription, (buffSize+1));
......
...@@ -484,8 +484,8 @@ WORD AwtPrintControl::getNearestMatchingPaper(LPTSTR printer, LPTSTR port, ...@@ -484,8 +484,8 @@ WORD AwtPrintControl::getNearestMatchingPaper(LPTSTR printer, LPTSTR port,
NULL, NULL); NULL, NULL);
if (numPaperSizes > 0) { if (numPaperSizes > 0) {
papers = (WORD*)safe_Malloc(sizeof(WORD) * numPaperSizes); papers = (WORD*)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(WORD), numPaperSizes);
paperSizes = (POINT *)safe_Malloc(sizeof(*paperSizes) * paperSizes = (POINT *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(*paperSizes),
numPaperSizes); numPaperSizes);
DWORD result1 = DeviceCapabilities(printer, port, DWORD result1 = DeviceCapabilities(printer, port,
......
...@@ -433,7 +433,7 @@ Java_sun_awt_windows_WPageDialogPeer__1show(JNIEnv *env, jobject peer) ...@@ -433,7 +433,7 @@ Java_sun_awt_windows_WPageDialogPeer__1show(JNIEnv *env, jobject peer)
int measure = PSD_INTHOUSANDTHSOFINCHES; int measure = PSD_INTHOUSANDTHSOFINCHES;
int sz = GetLocaleInfo(LOCALE_USER_DEFAULT, LOCALE_IMEASURE, NULL, 0); int sz = GetLocaleInfo(LOCALE_USER_DEFAULT, LOCALE_IMEASURE, NULL, 0);
if (sz > 0) { if (sz > 0) {
LPTSTR str = (LPTSTR)safe_Malloc(sizeof(TCHAR) * sz); LPTSTR str = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(TCHAR), sz);
if (str != NULL) { if (str != NULL) {
sz = GetLocaleInfo(LOCALE_USER_DEFAULT, LOCALE_IMEASURE, str, sz); sz = GetLocaleInfo(LOCALE_USER_DEFAULT, LOCALE_IMEASURE, str, sz);
if (sz > 0) { if (sz > 0) {
...@@ -645,7 +645,7 @@ Java_sun_awt_windows_WPrinterJob_getDefaultPage(JNIEnv *env, jobject self, ...@@ -645,7 +645,7 @@ Java_sun_awt_windows_WPrinterJob_getDefaultPage(JNIEnv *env, jobject self,
int sz = GetLocaleInfo(LOCALE_USER_DEFAULT, int sz = GetLocaleInfo(LOCALE_USER_DEFAULT,
LOCALE_IMEASURE, NULL, 0); LOCALE_IMEASURE, NULL, 0);
if (sz > 0) { if (sz > 0) {
LPTSTR str = (LPTSTR)safe_Malloc(sizeof(TCHAR) * sz); LPTSTR str = (LPTSTR)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(TCHAR), sz);
if (str != NULL) { if (str != NULL) {
sz = GetLocaleInfo(LOCALE_USER_DEFAULT, sz = GetLocaleInfo(LOCALE_USER_DEFAULT,
LOCALE_IMEASURE, str, sz); LOCALE_IMEASURE, str, sz);
...@@ -2302,8 +2302,8 @@ JNIEXPORT void JNICALL Java_sun_awt_windows_WPrinterJob_textOut ...@@ -2302,8 +2302,8 @@ JNIEXPORT void JNICALL Java_sun_awt_windows_WPrinterJob_textOut
* rounded advances will drift away from the true advance. * rounded advances will drift away from the true advance.
*/ */
if (glyphPos != NULL && strLen > 0) { if (glyphPos != NULL && strLen > 0) {
xadvances = (int*)safe_Malloc(strLen * sizeof(int)); xadvances = (int*)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, strLen, sizeof(int));
xyadvances = (int*)safe_Malloc(strLen * sizeof(int) * 2); xyadvances = (int*)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, strLen, sizeof(int) * 2);
} }
if (xadvances != NULL && xyadvances != NULL) { if (xadvances != NULL && xyadvances != NULL) {
int *inxAdvances = xadvances; int *inxAdvances = xadvances;
...@@ -2513,8 +2513,9 @@ static jbyte* reverseDIB(jbyte* imageBits, long srcWidth, long srcHeight, ...@@ -2513,8 +2513,9 @@ static jbyte* reverseDIB(jbyte* imageBits, long srcWidth, long srcHeight,
if ((imgWidthByteSz % sizeof(DWORD)) != 0) if ((imgWidthByteSz % sizeof(DWORD)) != 0)
padBytes = sizeof(DWORD) - (imgWidthByteSz % sizeof(DWORD)); padBytes = sizeof(DWORD) - (imgWidthByteSz % sizeof(DWORD));
jbyte* alignedImage = (jbyte*) SAFE_SIZE_ARRAY_ALLOC(safe_Malloc,
imgWidthByteSz+padBytes, ROUND_TO_LONG(srcHeight));
long newImgSize = (imgWidthByteSz+padBytes) * ROUND_TO_LONG(srcHeight); long newImgSize = (imgWidthByteSz+padBytes) * ROUND_TO_LONG(srcHeight);
jbyte* alignedImage = (jbyte*) safe_Malloc(newImgSize);
if (alignedImage != NULL) { if (alignedImage != NULL) {
memset(alignedImage, 0xff, newImgSize); memset(alignedImage, 0xff, newImgSize);
...@@ -3116,7 +3117,7 @@ static POINT *getPaperSizeList(LPCTSTR deviceName, LPCTSTR portName) { ...@@ -3116,7 +3117,7 @@ static POINT *getPaperSizeList(LPCTSTR deviceName, LPCTSTR portName) {
DC_PAPERSIZE, NULL, NULL); DC_PAPERSIZE, NULL, NULL);
if (numPaperSizes > 0) { if (numPaperSizes > 0) {
paperSizes = (POINT *)safe_Malloc(sizeof(*paperSizes) * numPaperSizes); paperSizes = (POINT *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(*paperSizes), numPaperSizes);
DWORD result = DeviceCapabilities(deviceName, portName, DWORD result = DeviceCapabilities(deviceName, portName,
DC_PAPERSIZE, (LPTSTR) paperSizes, DC_PAPERSIZE, (LPTSTR) paperSizes,
...@@ -3766,8 +3767,8 @@ static void matchPaperSize(HDC printDC, HGLOBAL hDevMode, HGLOBAL hDevNames, ...@@ -3766,8 +3767,8 @@ static void matchPaperSize(HDC printDC, HGLOBAL hDevMode, HGLOBAL hDevNames,
numPaperSizes = (int)DeviceCapabilities(printer, port, DC_PAPERSIZE, numPaperSizes = (int)DeviceCapabilities(printer, port, DC_PAPERSIZE,
NULL, NULL); NULL, NULL);
if (numPaperSizes > 0) { if (numPaperSizes > 0) {
papers = (WORD*)safe_Malloc(sizeof(WORD) * numPaperSizes); papers = (WORD*)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(WORD), numPaperSizes);
paperSizes = (POINT *)safe_Malloc(sizeof(*paperSizes) * numPaperSizes); paperSizes = (POINT *)SAFE_SIZE_ARRAY_ALLOC(safe_Malloc, sizeof(*paperSizes), numPaperSizes);
DWORD result1 = DeviceCapabilities(printer, port, DWORD result1 = DeviceCapabilities(printer, port,
DC_PAPERS, (LPTSTR) papers, NULL); DC_PAPERS, (LPTSTR) papers, NULL);
......
...@@ -234,7 +234,9 @@ void AwtRobot::GetRGBPixels(jint x, jint y, jint width, jint height, jintArray p ...@@ -234,7 +234,9 @@ void AwtRobot::GetRGBPixels(jint x, jint y, jint width, jint height, jintArray p
static const int BITS_PER_PIXEL = 32; static const int BITS_PER_PIXEL = 32;
static const int BYTES_PER_PIXEL = BITS_PER_PIXEL/8; static const int BYTES_PER_PIXEL = BITS_PER_PIXEL/8;
if (!IS_SAFE_SIZE_MUL(width, height)) throw std::bad_alloc();
int numPixels = width*height; int numPixels = width*height;
if (!IS_SAFE_SIZE_MUL(BYTES_PER_PIXEL, numPixels)) throw std::bad_alloc();
int pixelDataSize = BYTES_PER_PIXEL*numPixels; int pixelDataSize = BYTES_PER_PIXEL*numPixels;
DASSERT(pixelDataSize > 0 && pixelDataSize % 4 == 0); DASSERT(pixelDataSize > 0 && pixelDataSize % 4 == 0);
// allocate memory for BITMAPINFO + pixel data // allocate memory for BITMAPINFO + pixel data
...@@ -244,6 +246,9 @@ void AwtRobot::GetRGBPixels(jint x, jint y, jint width, jint height, jintArray p ...@@ -244,6 +246,9 @@ void AwtRobot::GetRGBPixels(jint x, jint y, jint width, jint height, jintArray p
// end of our block of memory. Now we allocate sufficient memory. // end of our block of memory. Now we allocate sufficient memory.
// See MSDN docs for BITMAPINFOHEADER -bchristi // See MSDN docs for BITMAPINFOHEADER -bchristi
if (!IS_SAFE_SIZE_ADD(sizeof(BITMAPINFOHEADER) + 3 * sizeof(RGBQUAD), pixelDataSize)) {
throw std::bad_alloc();
}
BITMAPINFO * pinfo = (BITMAPINFO *)(new BYTE[sizeof(BITMAPINFOHEADER) + 3 * sizeof(RGBQUAD) + pixelDataSize]); BITMAPINFO * pinfo = (BITMAPINFO *)(new BYTE[sizeof(BITMAPINFOHEADER) + 3 * sizeof(RGBQUAD) + pixelDataSize]);
// pixel data starts after 3 RGBQUADS for color masks // pixel data starts after 3 RGBQUADS for color masks
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册