Hello, I noticed that we do not check the sscanf return code in awt_ImagingLib.c. Should we add a check, as we do at almost all other sscanf call sites (like the code below)?
Thanks, Matthias
diff -r 3ca4a8016584 src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c
--- a/src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c Thu Jan 16 18:04:23 2020 +0100
+++ b/src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c Tue Jan 21 10:31:34 2020 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1771,6 +1771,7 @@
 JNIEXPORT jboolean JNICALL Java_sun_awt_image_ImagingLib_init(JNIEnv *env, jclass thisClass) {
 char *start;
+ int srs = 0;
 if (getenv("IMLIB_DEBUG")) {
 start_timer = awt_setMlibStartTimer();
 stop_timer = awt_setMlibStopTimer();
@@ -1783,7 +1784,12 @@
 s_printIt = 1;
 }
 if ((start = getenv("IMLIB_START")) != NULL) {
- sscanf(start, "%d", &s_startOff);
+ srs = sscanf(start, "%d", &s_startOff);
+ if (srs != 1) {
+ s_nomlib = 1;
+ fprintf(stderr, "Failure - reading from IMLIB_START failed.\n");
+ return JNI_FALSE;
+ }
 }
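Review bot: `srs` is declared at function scope with a dead `= 0` initializer, although its only use visible on this page is to hold one sscanf result inside the IMLIB_START branch of the following hunk (which is cut off here); testing the call directly, `if (sscanf(start, "%d", &s_startOff) != 1) {`, would make the variable unnecessary. A result of 1 from `%d` only says that a conversion happened: input with trailing characters such as `12abc` still passes, and the C standard leaves the behaviour undefined when the value does not fit the target type. If the intent is to reject malformed environment input, `strtol` with `endptr` and `errno` checks, plus a range check against the type of `s_startOff`, is the stricter form. The body of Java_sun_awt_image_ImagingLib_init continues outside this hunk.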