From f7e157708cbb55af459840e9ade2bd2d297df47c Mon Sep 17 00:00:00 2001
From: prr
Date: Wed, 18 Dec 2013 09:15:23 -0800
Subject: [PATCH] 8029854: Enhance JPEG decodings
Reviewed-by: bae, vadim, mschoene
---
 src/share/native/sun/awt/image/gif/gifdecoder.c | 1 +
 src/share/native/sun/awt/image/jpeg/imageioJPEG.c | 2 ++
 src/share/native/sun/awt/image/jpeg/jpegdecoder.c | 3 +++
 3 files changed, 6 insertions(+)
diff --git a/src/share/native/sun/awt/image/gif/gifdecoder.c b/src/share/native/sun/awt/image/gif/gifdecoder.c
index dc464291f..55b3cfb24 100644
--- a/src/share/native/sun/awt/image/gif/gifdecoder.c
+++ b/src/share/native/sun/awt/image/gif/gifdecoder.c
@@ -249,6 +249,7 @@ Java_sun_awt_image_GifImageDecoder_parseImage(JNIEnv *env, /* fill the block */ len = (*env)->CallIntMethod(env, this, readID, blockh, remain, blockLength + 1); + if (len > blockLength + 1) len = blockLength + 1; if ((*env)->ExceptionOccurred(env)) { return 0; }
diff --git a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
index d1e84df19..0c674f1eb 100644
--- a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
+++ b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
@@ -939,6 +939,7 @@ imageio_fill_input_buffer(j_decompress_ptr cinfo) JPEGImageReader_readInputDataID, sb->hstreamBuffer, 0, sb->bufferLength); + if (ret > sb->bufferLength) ret = sb->bufferLength; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, data, &(src->next_input_byte))) { cinfo->err->error_exit((j_common_ptr) cinfo);
@@ -1035,6 +1036,7 @@ imageio_fill_suspended_buffer(j_decompress_ptr cinfo) JPEGImageReader_readInputDataID, sb->hstreamBuffer, offset, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, data, &(src->next_input_byte))) { cinfo->err->error_exit((j_common_ptr) cinfo);
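Review bot: The added clamp on `len` in `parseImage` silently accepts an upcall result larger than the `blockLength + 1` that was requested, and nothing in the hunk records why the value is distrusted. The count comes back from Java code through `CallIntMethod`, so the native side cannot assume it stays within the requested length; a comment above the check such as `/* count comes from a Java upcall: never trust it to stay within the requested length */` would keep the line from being removed later as dead code. It is also worth deciding whether an over-long count should be reported as a stream error instead of truncated, since after the clamp decoding presumably continues as if the whole requested region had been filled. The same undocumented clamp is added in both `imageioJPEG.c` hunks and in the three `jpegdecoder.c` hunks. The function bodies continue outside the hunks, so the handling of negative counts is not visible here.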
diff --git a/src/share/native/sun/awt/image/jpeg/jpegdecoder.c b/src/share/native/sun/awt/image/jpeg/jpegdecoder.c
index 1cb1da050..2d0599717 100644
--- a/src/share/native/sun/awt/image/jpeg/jpegdecoder.c
+++ b/src/share/native/sun/awt/image/jpeg/jpegdecoder.c
@@ -289,6 +289,7 @@ sun_jpeg_fill_input_buffer(j_decompress_ptr cinfo) buflen = (*env)->GetArrayLength(env, src->hInputBuffer); ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, 0, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, src)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); }
@@ -349,6 +350,7 @@ sun_jpeg_fill_suspended_buffer(j_decompress_ptr cinfo) } ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, offset, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env) || !GET_ARRAYS(env, src)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); }
@@ -424,6 +426,7 @@ sun_jpeg_skip_input_data(j_decompress_ptr cinfo, long num_bytes) ret = (*env)->CallIntMethod(env, src->hInputStream, InputStream_readID, src->hInputBuffer, 0, buflen); + if (ret > buflen) ret = buflen; if ((*env)->ExceptionOccurred(env)) { cinfo->err->error_exit((struct jpeg_common_struct *) cinfo); }
-- GitLab
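Review bot: In `sun_jpeg_fill_input_buffer` the new clamp sits between the `CallIntMethod` upcall and the `ExceptionOccurred` check, so `ret` is examined before the code knows the call returned normally. The comparison is harmless as written, but the result of a JNI call that threw carries no meaning, and testing for the exception first keeps the usual order; `if (ret > buflen) ret = buflen;` could move to just after the exception block. The hunks in `sun_jpeg_fill_suspended_buffer` and `sun_jpeg_skip_input_data` have the same ordering, as do the `gifdecoder.c` and `imageioJPEG.c` hunks. All three functions run past their hunks, so the later uses of `ret` are not visible.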