On Fri, 28 Jan 2022 01:13:56 GMT, Sergey Bylokhov <[email protected]> wrote:
> > * I still see a need for a safety check in native code
>
> I can add some check, but which one? In the native code we should use the bounds we
> passed from the Java side. The problem is that we pass "1 * scale" = "scale", but
> allocate the array as "new int[1]", so this is an issue on the Java side in
> the changed method.
Isn't the over-run supposed to be here:
```c
JNIEXPORT void JNICALL
Java_sun_lwawt_macosx_CRobot_nativeGetScreenPixels
    (JNIEnv *env, jobject peer,
     jint x, jint y, jint width, jint height, jdouble scale, jintArray pixels)
...
    void *jPixelData = (*env)->GetPrimitiveArrayCritical(env, pixels, 0);
...
    CGContextRef jPicContextRef = CGBitmapContextCreate(
        jPixelData,
        picWidth, picHeight,
        8, picWidth * sizeof(jint),
        picColorSpace,
        kCGBitmapByteOrder32Host |
        kCGImageAlphaPremultipliedFirst);
```
And then the Apple docs at
https://developer.apple.com/documentation/coregraphics/1455939-cgbitmapcontextcreate/
say about the 1st parameter, `data`:

    A pointer to the destination in memory where the drawing is to be rendered.
    The size of this memory block should be at least (bytesPerRow*height) bytes.

and `picWidth * sizeof(jint)` is bytes per row.
So if the Java array `pixels` is just one int (4 bytes) and we have a
scale of 2, when it needs to be 4 ints (16 bytes), we'd have the over-run?
Then why can't we just make sure (*env)->GetArrayLength(env, pixels) >=
picWidth * picHeight ?
-------------
PR: https://git.openjdk.java.net/jdk/pull/5864
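The guard proposed above, worked through as an added example (this is not code from the PR or from the JDK sources). It compiles without jni.h by declaring `jint`/`jsize` stand-ins, and `arrayLen` stands in for the value `(*env)->GetArrayLength(env, pixels)` would return; the way `picWidth`/`picHeight` are derived from `width * scale` (truncation toward zero) is an assumption, since the thread does not show that code. Beyond the 1x1-at-scale-2 case from the thread it also rejects negative or NaN scales and dimension products that do not fit in a `jsize`, which is the check a native-side guard needs before trusting `bytesPerRow * height`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the JNI types so this compiles without jni.h
 * (assumption: jint is 32-bit and jsize is jint, as on the real platform). */
typedef int32_t jint;
typedef jint    jsize;

/* Assumed derivation of a scaled bitmap dimension: dim * scale truncated
 * to an int. Returns 0 for negative, NaN or out-of-range results. */
static int scaled_dim(jint dim, double scale, jint *out) {
    double v = (double)dim * scale;
    if (!(v >= 0.0) || v > (double)INT32_MAX) return 0;   /* !(v >= 0) also rejects NaN */
    *out = (jint)v;
    return 1;
}

/* Number of jint elements CGBitmapContextCreate may write when
 * bytesPerRow = picWidth * sizeof(jint): bytesPerRow * picHeight bytes,
 * i.e. picWidth * picHeight elements. Returns 0 if that does not fit a jsize. */
static int required_elements(jint picWidth, jint picHeight, jsize *out) {
    if (picWidth < 0 || picHeight < 0) return 0;
    uint64_t n = (uint64_t)picWidth * (uint64_t)picHeight;   /* no 32-bit overflow */
    if (n > (uint64_t)INT32_MAX) return 0;
    *out = (jsize)n;
    return 1;
}

/* Bytes CoreGraphics is allowed to touch for these dimensions
 * (bytesPerRow * height, per the documentation quoted in the thread). */
uint64_t bitmap_bytes(jint picWidth, jint picHeight) {
    return (uint64_t)picWidth * sizeof(jint) * (uint64_t)picHeight;
}

/* The check from the thread: is the Java array big enough for the bitmap
 * the native side is about to render into it? 1 = safe, 0 = would over-run. */
int pixels_array_is_large_enough(jsize arrayLen, jint width, jint height, double scale) {
    jint picWidth, picHeight;
    jsize need;
    if (!scaled_dim(width, scale, &picWidth)) return 0;
    if (!scaled_dim(height, scale, &picHeight)) return 0;
    if (!required_elements(picWidth, picHeight, &need)) return 0;
    return arrayLen >= need;
}

int main(void) {
    /* The case from the thread: Java allocated new int[1] for a 1x1 request
     * but passed scale = 2, so native renders a 2x2 bitmap = 16 bytes. */
    jint w = 1, h = 1;
    double scale = 2.0;
    jint pw, ph;
    scaled_dim(w, scale, &pw);
    scaled_dim(h, scale, &ph);
    printf("native would write %llu bytes into a %zu-byte array\n",
           (unsigned long long)bitmap_bytes(pw, ph), (size_t)1 * sizeof(jint));
    printf("int[1] large enough? %d\n", pixels_array_is_large_enough(1, w, h, scale));
    printf("int[4] large enough? %d\n", pixels_array_is_large_enough(4, w, h, scale));
    return 0;
}
```

In the real JNI function the check belongs before `GetPrimitiveArrayCritical`, so a too-small array can be turned into a thrown exception (or an early return) instead of a write past the end of the array.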