- Bug
- Resolution: Unresolved
- P3
- 8u65, 9
- b61
- windows
The `regEnable` [1] and `regDeleteValue` functions allocate a new buffer if the default buffer is too small, but the newly allocated buffer is never freed.
Moreover, the re-allocated buffer isn't used to read the value. Initially, `data` is assigned `dataBuffer`; if a larger buffer is needed, the new buffer is stored in `data` only, yet the following code [2] reads the value from `dataBuffer` directly.
The bug was found during code review [3] for JDK-8342870.
[1] https://github.com/openjdk/jdk/blob/4a9fba615da0dfa6646ecb9fd9d929f74fe6875e/src/jdk.accessibility/windows/native/jabswitch/jabswitch.cpp#L336-L341
[2] https://github.com/openjdk/jdk/blob/4a9fba615da0dfa6646ecb9fd9d929f74fe6875e/src/jdk.accessibility/windows/native/jabswitch/jabswitch.cpp#L343-L347
[3] https://github.com/openjdk/jdk/pull/21656#discussion_r1923750005
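The two defects described above, reduced to a portable sketch next to a corrected form. This is an added example, not the JDK's code: `query_value`, `STORED`, `live_allocs`, `read_buggy` and `read_fixed` are hypothetical stand-ins, with `query_value` imitating a size-probing registry read so the pattern runs without Windows.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Constructed stand-in for a size-probing registry read (not a Windows API):
// copies the value when *size suffices, else returns false with *size = need.
static const char STORED[] = "constructed value longer than 16 bytes";
static int live_allocs = 0;  // heap buffers currently outstanding

static bool query_value(char *buf, size_t *size) {
    bool ok = *size >= sizeof(STORED);
    if (ok) memcpy(buf, STORED, sizeof(STORED));
    *size = sizeof(STORED);
    return ok;
}

// Pattern from the report: the retry fills `data`, the value is then read
// from `dataBuffer`, and the heap buffer is never released.
std::string read_buggy() {
    char dataBuffer[16] = "";
    char *data = dataBuffer;
    size_t size = sizeof(dataBuffer);
    if (!query_value(data, &size)) {
        data = static_cast<char *>(malloc(size));
        if (data == nullptr) return "";
        ++live_allocs;
        query_value(data, &size);
    }
    return std::string(dataBuffer);  // wrong buffer: never received the value
}

// Corrected form: read through `data`, free it only if it was reallocated.
std::string read_fixed() {
    char dataBuffer[16] = "";
    char *data = dataBuffer;
    size_t size = sizeof(dataBuffer);
    if (!query_value(data, &size)) {
        data = static_cast<char *>(malloc(size));
        if (data == nullptr) return "";
        ++live_allocs;
        query_value(data, &size);
    }
    std::string value(data);
    if (data != dataBuffer) { free(data); --live_allocs; }
    return value;
}
```

The `data != dataBuffer` comparison is what keeps the cleanup from calling `free` on the stack buffer when no reallocation happened.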
- relates to
  - JDK-8348876 jabswitch.cpp: regEnable and regDeleteValue leak newStr
  - Open