Bug
Resolution: Fixed
P4
9
b29
os_x
Java_sun_lwawt_macosx_NSEvent_nsToJavaKeyInfo() calls SetIntArrayRegion() which expects a jint, but jchar is passed.
http://hg.openjdk.java.net/jdk9/dev/jdk/file/0526526e7302/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTEvent.m#l710
...
jchar testDeadChar = 0;
NsCharToJavaVirtualKeyCode((unichar)testChar, isDeadChar,
(NSUInteger)modifierFlags, (unsigned short)keyCode,
&jkeyCode, &jkeyLocation, &postsTyped, &testDeadChar);
// out = [jkeyCode, jkeyLocation];
(*env)->SetIntArrayRegion(env, outData, 0, 1, &jkeyCode);
(*env)->SetIntArrayRegion(env, outData, 1, 1, &jkeyLocation);
(*env)->SetIntArrayRegion(env, outData, 2, 1, (jint *)&testDeadChar);
...
As a result, SetIntArrayRegion() over-reads memory allocated on the stack for the 'testDeadChar' variable. This doesn't seem to be dangerous, but I'll let the Client team evaluate it.
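The size mismatch described in the report, as an added example (not JDK code, and not necessarily the fix that was applied). The jni.h types are replaced by fixed-width typedefs, and `set_int_region`, `struct frame` and the sample values are hypothetical stand-ins, so the 4-byte read of a 2-byte variable can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the jni.h typedefs: jint is 32 bits, jchar is 16 bits. */
typedef int32_t  jint;
typedef uint16_t jchar;

/* Constructed model of the stack slot: testDeadChar plus whatever follows it. */
struct frame {
    jchar testDeadChar;
    jchar neighbour;      /* hypothetical adjacent stack bytes */
};
_Static_assert(sizeof(struct frame) == sizeof(jint), "model assumes no padding");

/* Hypothetical stand-in for SetIntArrayRegion(env, arr, start, len, buf):
 * it copies len * sizeof(jint) bytes from buf, whatever buf really points at. */
static void set_int_region(jint *arr, size_t start, size_t len, const void *buf)
{
    memcpy(arr + start, buf, len * sizeof(jint));
}

/* Pattern from the report: the address of a 2-byte jchar is passed as a jint *. */
jint store_buggy(jchar deadChar, jchar neighbour)
{
    struct frame f = { deadChar, neighbour };
    jint out[3] = { 0, 0, 0 };
    /* &f has the same address as &f.testDeadChar; 4 bytes are read from it. */
    set_int_region(out, 2, 1, &f);
    return out[2];
}

/* Widen into a real jint first, so the 4-byte read stays inside one object. */
jint store_fixed(jchar deadChar, jchar neighbour)
{
    struct frame f = { deadChar, neighbour };
    jint out[3] = { 0, 0, 0 };
    jint wide = (jint)f.testDeadChar;
    set_int_region(out, 2, 1, &wide);
    return out[2];
}

int main(void)
{
    /* Constructed values: 0x00B4 as the dead key, 0xBEEF as neighbouring bytes. */
    printf("buggy: 0x%08X\n", (unsigned)store_buggy(0x00B4, 0xBEEF));
    printf("fixed: 0x%08X\n", (unsigned)store_fixed(0x00B4, 0xBEEF));
    return 0;
}
```

In the buggy variant the stored element contains the neighbouring two bytes as well as the dead-key value; which half they land in depends on byte order.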