On Mon, 25 Aug 2025 13:26:10 GMT, Artem Semenov <aseme...@openjdk.org> wrote:
>> The defect has been detected and confirmed in the function
>> OGLBlitToSurfaceViaTexture() located in the file
>> src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c with
>> static code analysis. This defect can potentially lead to a null pointer
>> dereference.
>>
>> The pointer pf is dereferenced in line 324 without checking for nullptr,
>> although earlier in line 274 the same pointer is checked for nullptr, which
>> indicates that it can be null.
>>
>> In the same file, line 551 calls OGLBlitToSurfaceViaTexture() from line 263,
>> where NULL is passed in place of pf.
>> All other calls are fine.
>>
>> Also, another function with a similar issue from the same file,
>> OGLBlitSwToTexture() from line 396.
>>
>> In src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()
>> The pointer fp_glib_check_version can be null, but it is dereferenced
>> without any check. Although in the same file, for example, line 280 contains
>> a check, this check does not lead to termination of execution.
>>
>>
>> In src/java.desktop/share/native/libsplashscreen/splashscreen_gif.c
>> SplashDecodeGif()
>> The pointer colorMap is dereferenced after it has been checked against
>> nullptr in lines 151 and 206. Moreover, between these checks and the
>> mentioned location (line 282), the pointer is not modified in any way.
>>
>> According to
>> [this](https://github.com/openjdk/jdk/pull/26002#issuecomment-3023050372)
>> comment, this PR contains fixes for similar cases in other places.
>
> Artem Semenov has updated the pull request incrementally with two additional
> commits since the last revision:
>
>  - Updated fix for
>    src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()
>  - Revert "The same issue is present in
>    src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()"
>
>    This reverts commit a369e3af3abb11eb1163c1ea461e1558b8838551.
src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c line 325:

> 323:                                sy, srcInfo->scanStride);
> 324:     if (pf != NULL) {
> 325:     if (slowPath) {

The current indentation does seem to be off.

    GLvoid *pSrc = PtrCoord(srcInfo->rasBase, sx, srcInfo->pixelStride,
                            sy, srcInfo->scanStride);
    if (pf) {
        if (slowPath) {
            jint tmph = sh;
            while (tmph > 0) {
            ...

The same applies to the other added if statement.

src/java.desktop/share/native/libsplashscreen/splashscreen_gif.c line 283:

> 281:
> 282:     if (((colorMap != NULL) && (colorMap->Colors != NULL)) &&
> 283:         (transparentColor < 0)) {

Suggestion:

    if (colorMap != NULL && colorMap->Colors != NULL && transparentColor < 0) {

or even

Suggestion:

    if (colorMap && colorMap->Colors && transparentColor < 0) {

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26799#discussion_r2307305381
PR Review Comment: https://git.openjdk.org/jdk/pull/26799#discussion_r2307278440
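The two shapes the review is about, as an added illustration that is not code from the PR or from OGLBlitLoops.c / splashscreen_gif.c: a pointer that is compared with NULL once (so the analyser knows it can be NULL) and then dereferenced outside that check, beside the structure the reviewer asks for, where the slow-path branch is nested under the check and the palette test is a single short-circuit chain. The struct layouts, function names and the -1 return convention are assumptions made for the example.

```c
#include <stddef.h>

/* Constructed model of the pattern under review; the fields, names and
 * return conventions below are assumptions, not the JDK's own types. */

typedef struct {
    int bytesPerPixel;          /* assumed field standing in for a real pixel format */
} PixelFormat;

typedef struct {
    int red, green, blue;
} Color;

typedef struct {
    int count;
    Color *Colors;              /* may be NULL, as in the review's second snippet */
} ColorMap;

/* Shape that static analysis flags: pf is tested against NULL once, which
 * tells the analyser it can be NULL, but a later dereference sits outside
 * that test. With pf == NULL and slowPath != 0 this dereferences NULL. */
int row_bytes_unguarded(const PixelFormat *pf, int width, int slowPath)
{
    int total = 0;
    if (pf != NULL) {
        total = pf->bytesPerPixel * width;      /* guarded dereference */
    }
    if (slowPath) {
        total += pf->bytesPerPixel;             /* unguarded dereference */
    }
    return total;
}

/* Hardened shape in the structure the reviewer suggests: the slow-path
 * branch is nested under the NULL check, so every dereference of pf is
 * covered. Returns -1 (assumed convention) when no pixel format is given. */
int row_bytes_guarded(const PixelFormat *pf, int width, int slowPath)
{
    int total = -1;
    if (pf) {
        total = pf->bytesPerPixel * width;
        if (slowPath) {
            total += pf->bytesPerPixel;
        }
    }
    return total;
}

/* Chained short-circuit test in the reviewer's suggested form: colorMap is
 * dereferenced only once it is known to be non-NULL, and Colors only after
 * it too is non-NULL. Returns the red component of the first palette entry,
 * or -1 when there is no usable palette or a transparent colour is set. */
int first_palette_red(const ColorMap *colorMap, int transparentColor)
{
    if (colorMap && colorMap->Colors && colorMap->count > 0 && transparentColor < 0) {
        return colorMap->Colors[0].red;
    }
    return -1;
}
```

The unguarded variant is what the analyser reports: the first `if (pf != NULL)` is evidence that NULL is a legal value, so the later `pf->bytesPerPixel` outside it is a reachable NULL dereference whenever a caller passes NULL, exactly the situation the PR description notes for the call that passes NULL in place of pf.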