stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6823373: [ZDI-CAN-460] Java Web Start JPEG header parsing needs more scruity

Browse Source 
Reviewed-by: igor
This commit is contained in:
Andrew Brygin 2009-05-08 16:15:15 +04:00
parent 8fdb1d367a
commit 813ad65e9a
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c
View File

@ -139,21 +139,45 @@ SplashDecodeJpeg(Splash * splash, struct jpeg_decompress_struct *cinfo)
splash->width = cinfo->output_width;
splash->height = cinfo->output_height;
if (!SAFE_TO_ALLOC(splash->imageFormat.depthBytes, splash->width)) {
return 0;
}
stride = splash->width * splash->imageFormat.depthBytes;
if (!SAFE_TO_ALLOC(stride, splash->height)) {
return 0;
}
if (!SAFE_TO_ALLOC(cinfo->output_width, cinfo->output_components)) {
return 0;
}
splash->frameCount = 1;
splash->frames = (SplashImage *) malloc(sizeof(SplashImage) *
splash->frameCount);
if (splash->frames == NULL) {
return 0;
}
memset(splash->frames, 0, sizeof(SplashImage) *
splash->frameCount);
splash->loopCount = 1;
splash->frames[0].bitmapBits = malloc(stride * splash->height);
splash->frames[0].delay = 0;
splash->frames[0].bitmapBits = malloc(stride * splash->height);
if (splash->frames[0].bitmapBits == NULL) {
free(splash->frames);
return 0;
}
rowStride = cinfo->output_width * cinfo->output_components;
buffer = (*cinfo->mem->alloc_sarray)
((j_common_ptr) cinfo, JPOOL_IMAGE, rowStride, 1);
if (buffer == NULL) {
free(splash->frames[0].bitmapBits);
free(splash->frames);
return 0;
}
initFormat(&srcFormat, 0x00FF0000, 0x0000FF00, 0x000000FF, 0x00000000);
srcFormat.byteOrder = BYTE_ORDER_LSBFIRST;