JDK-6375809

awt_ScrollPane.c incorrectly mallocs a struct ComponentData instead of a struct CanvasData

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: 1.4.2_10
    • Fix Version/s: None
    • Component/s: client-libs
    • CPU: generic
    • OS: solaris

      Description

      There is a bug in src/solaris/native/sun/awt/awt_ScrollPane.c. This is the native backing code for sun.awt.motif.MScrollPanePeer. MScrollPanePeer is an MPanelPeer, which is an MCanvasPeer. However, when the native code mallocs the struct for the native data for the Peer, it only mallocs enough space for a struct ComponentData. However, the native backing data should be a struct CanvasData. Where this bug manifests itself is in src/solaris/native/sun/awt/awt_Canvas.c. This code is passed the 'parent' jobject, and assumes that its native backing data is as large as a struct CanvasData. However, a ScrollPane can be the parent of a Canvas, and when Java_sun_awt_motif_MCanvasPeer_create() executes in this situation, it casts the parent's native pointer to a struct CanvasData and reads memory outside of the malloc'd struct ComponentData towards the end of the function.

      The solution I found to this bug is to have awt_ScrollPane.c malloc a struct CanvasData instead of a struct ComponentData. The source diff is in suggested fix.
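
The size mismatch described above, as an added example that is not the JDK source and not the reporter's suggested fix: it models the undersized allocation, the proposed larger allocation, and a size-checked downcast that would catch the mismatch. The struct fields and the helpers `peer_alloc`, `peer_free`, `as_canvas_data`, `canvas_create_reads_parent` and `scrollpane_as_parent` are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-ins: the field layout is assumed, not the JDK's. */
struct ComponentData { void *widget; int repaintPending; };
struct CanvasData    { struct ComponentData comp; void *shell; int flags; };

/* Hypothetical header placed in front of each peer allocation. */
union peer_hdr { size_t size; max_align_t align; };

/* Allocate zeroed native peer data and remember how large it is. */
static void *peer_alloc(size_t size) {
    union peer_hdr *h = calloc(1, sizeof *h + size);
    if (h == NULL) return NULL;
    h->size = size;
    return h + 1;
}

static void peer_free(void *pdata) {
    if (pdata != NULL) free((union peer_hdr *)pdata - 1);
}

/* Checked downcast: refuse if the block is smaller than a CanvasData. */
static struct CanvasData *as_canvas_data(void *pdata) {
    if (pdata == NULL) return NULL;
    if (((union peer_hdr *)pdata - 1)->size < sizeof(struct CanvasData))
        return NULL;
    return pdata;
}

/* Models a canvas create() that reads its parent's data as CanvasData.
 * Returns 1 if the read stayed in bounds, 0 if the cast was refused. */
static int canvas_create_reads_parent(void *parent_pdata) {
    struct CanvasData *parent = as_canvas_data(parent_pdata);
    if (parent == NULL) return 0;
    return parent->flags == 0 && parent->shell == NULL;
}

/* ScrollPane peer allocated as reported (0) or as proposed (1). */
static int scrollpane_as_parent(int use_fix) {
    size_t n = use_fix ? sizeof(struct CanvasData) : sizeof(struct ComponentData);
    void *pdata = peer_alloc(n);
    int ok = canvas_create_reads_parent(pdata);
    peer_free(pdata);
    return ok;
}

int main(void) { return !(scrollpane_as_parent(0) == 0 && scrollpane_as_parent(1) == 1); }
```

Without the size check, the reported allocation would let the `flags` and `shell` reads land past the end of the heap block, which is the out-of-bounds read the description refers to.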

            People

            • Assignee: dav Andrei Dmitriev (Inactive)
            • Reporter: mmma Marvin Ma (Inactive)