On Wed, 10 Nov 2021 12:46:08 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
>> This bug is caused by not sanity checking the data returned by a call to the >> Windows Clipboard `IDataObject::GetData` method. When requesting a file >> descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or >> `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word >> of the returned data buffer is supposed to be the number of items that >> follow. Applications can put data on the clipboard in such a way that it >> will respond to a request to return the list of files from the clipboard >> with data that isn't formatted correctly, so we can't assume that the first >> word is a valid count. >> >> The fix is to check the returned buffer size against the item count. I added >> a regression test that fails before and passes after the fix. > > Kevin Rushforth has updated the pull request incrementally with one > additional commit since the last revision: > > Update check to test that bufferSize is exactly the right size The changes look fine to me ------------- Marked as reviewed by pbansal (Committer). PR: https://git.openjdk.java.net/jfx/pull/662
