7020198: ImageIcon creates Component with null acc

Reviewed-by: rupashka, hawtin

7020198: ImageIcon creates Component with null acc
Reviewed-by: rupashka, hawtin
dc6d3f6f · alexp · 899f87d6 · dc6d3f6f
隐藏空白更改
内联并排

Showing with 30 addition and 12 deletion

src/share/classes/javax/swing/ImageIcon.java src/share/classes/javax/swing/ImageIcon.java +30 -12

未找到文件。
--- a/src/share/classes/javax/swing/ImageIcon.java
+++ b/src/share/classes/javax/swing/ImageIcon.java
@@ -40,8 +40,7 @@ import javax.accessibility.*;

 import sun.awt.AppContext;
 import java.lang.reflect.Field;
-import java.security.PrivilegedAction;
-import java.security.AccessController;
+import java.security.*;

 /**
 * An implementation of the Icon interface that paints Icons
@@ -81,32 +80,51 @@ public class ImageIcon implements Icon, Serializable, Accessible {
    ImageObserver imageObserver;
    String description = null;

+    // Fields for twisted backward compatibility only. DO NOT USE.
    protected final static Component component;
    protected final static MediaTracker tracker;

    static {
-        component = new Component() {};
-        AccessController.doPrivileged(new PrivilegedAction<Object>() {
-            public Object run() {
+        component = AccessController.doPrivileged(new PrivilegedAction<Component>() {
+            public Component run() {
                try {
+                    final Component component = createNoPermsComponent();
+
                    // 6482575 - clear the appContext field so as not to leak it
                    Field appContextField =
-                                 Component.class.getDeclaredField("appContext");
+
+                            Component.class.getDeclaredField("appContext");
                    appContextField.setAccessible(true);
                    appContextField.set(component, null);
-                }
-                catch (NoSuchFieldException e) {
-                    e.printStackTrace();
-                }
-                catch (IllegalAccessException e) {
+
+                    return component;
+                } catch (Throwable e) {
+                    // We don't care about component.
+                    // So don't prevent class initialisation.
                    e.printStackTrace();
+                    return null;
                }
-                return null;
            }
        });
        tracker = new MediaTracker(component);
    }

+    private static Component createNoPermsComponent() {
+        // 7020198 - set acc field to no permissions and no subject
+        // Note, will have appContext set.
+        return AccessController.doPrivileged(
+                new PrivilegedAction<Component>() {
+                    public Component run() {
+                        return new Component() {
+                        };
+                    }
+                },
+                new AccessControlContext(new ProtectionDomain[]{
+                        new ProtectionDomain(null, null)
+                })
+        );
+    }
+
    /**
     * Id used in loading images from MediaTracker.
     */