> This bug is caused by not sanity checking the data returned by a call to the > Windows Clipboard `IDataObject::GetData` method. When requesting a file > descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or > `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word > of the returned data buffer is supposed to be the number of items that > follow. Applications can put data on the clipboard in such a way that it will > respond to a request to return the list of files from the clipboard with data > that isn't formatted correctly, so we can't assume that the first word is a > valid count. > > The fix is to check the returned buffer size against the item count. I added > a regression test that fails before and passes after the fix.
Kevin Rushforth has updated the pull request incrementally with one additional commit since the last revision: Update check to test that bufferSize is exactly the right size ------------- Changes: - all: https://git.openjdk.java.net/jfx/pull/662/files - new: https://git.openjdk.java.net/jfx/pull/662/files/abcd51c4..ff5f9c1a Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jfx&pr=662&range=01 - incr: https://webrevs.openjdk.java.net/?repo=jfx&pr=662&range=00-01 Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jfx/pull/662.diff Fetch: git fetch https://git.openjdk.java.net/jfx pull/662/head:pull/662 PR: https://git.openjdk.java.net/jfx/pull/662
