On Mon, 30 Oct 2023 06:55:11 GMT, Jayathirth D V <j...@openjdk.org> wrote:
> In SW pipeline path of Box/Gaussian Blur/Shadow effects we are not checking
> for range when we read data from the source/destination buffers in native
> code.
>
> We need to add appropriate range checks in native JNI code also apart from
> range checks in Java side to make sure that wherever these JNI methods are
> used we are not performing out of bounds access.
modules/javafx.graphics/src/main/native-decora/SSELinearConvolveShadowPeer.cc
line 133:
> 131: dstrows > srcrows) { // We should not move out of source
> vertical bounds
> 132: return;
> 133: }
Instead of copy-pasting the same checks in all the missing places, isn't it
better to create a check method (say in `SSEUtils`) and call if from all the
places? Like in the style of `java.util.Objects::checkRange`.
-------------
PR Review Comment: https://git.openjdk.org/jfx/pull/1272#discussion_r1376047953
