Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8178274

Java_sun_lwawt_macosx_NSEvent_nsToJavaKeyInfo() overreads jchar variable

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 10
    • Component/s: client-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b29
    • OS:
      os_x

      Description

      Java_sun_lwawt_macosx_NSEvent_nsToJavaKeyInfo() calls SetIntArrayRegion() which expects a jint, but jchar is passed.

      http://hg.openjdk.java.net/jdk9/dev/jdk/file/0526526e7302/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTEvent.m#l710

      ...
          jchar testDeadChar = 0;

          NsCharToJavaVirtualKeyCode((unichar)testChar, isDeadChar,
                                     (NSUInteger)modifierFlags, (unsigned short)keyCode,
                                     &jkeyCode, &jkeyLocation, &postsTyped, &testDeadChar);

          // out = [jkeyCode, jkeyLocation];
          (*env)->SetIntArrayRegion(env, outData, 0, 1, &jkeyCode);
          (*env)->SetIntArrayRegion(env, outData, 1, 1, &jkeyLocation);
          (*env)->SetIntArrayRegion(env, outData, 2, 1, (jint *)&testDeadChar);
      ...

      As a result, SetIntArrayRegion() over-reads memory allocated on stack for 'testDeadChar' variable. This doesn't seem to be dangerous, but I'll let the Client team to evaluate it.

        Attachments

          Activity

            People

            Assignee:
            serb Sergey Bylokhov
            Reporter:
            asmotrak Artem Smotrakov
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: