On Thu, 28 Aug 2025 13:19:02 GMT, Artem Semenov <aseme...@openjdk.org> wrote:
>> The defect has been detected and confirmed in the function
>> OGLBlitToSurfaceViaTexture() located in the file
>> src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c with
>> static code analysis. This defect can potentially lead to a null pointer
>> dereference.
>>
>> The pointer pf is dereferenced in line 324 without checking for nullptr,
>> although earlier in line 274 the same pointer is checked for nullptr, which
>> indicates that it can be null.
>>
>> In the same file, line 551 calls OGLBlitToSurfaceViaTexture() from line 263,
>> where NULL is passed in place of pf.
>> All other calls are fine.
>>
>> Also, another function with a similar issue from the same file,
>> OGLBlitSwToTexture() from line 396.
>>
>> In src/java.desktop/unix/native/libawt_xawt/awt/gtk3_interface.c gtk3_load()
>> The pointer fp_glib_check_version can be null, but it is dereferenced
>> without any check. Although in the same file, for example, line 280 contains
>> a check, this check does not lead to termination of execution.
>>
>>
>> In src/java.desktop/share/native/libsplashscreen/splashscreen_gif.c
>> SplashDecodeGif()
>> The pointer colorMap is dereferenced after it has been checked against
>> nullptr in lines 151 and 206. Moreover, between these checks and the
>> mentioned location (line 282), the pointer is not modified in any way.
>>
>> According to
>> [this](https://github.com/openjdk/jdk/pull/26002#issuecomment-3023050372)
>> comment, this PR contains fixes for similar cases in other places.
>
> Artem Semenov has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Fixed indentation

src/java.desktop/share/native/common/java2d/opengl/OGLBlitLoops.c line 324:

> 322:         sx, srcInfo->pixelStride,
> 323:         sy, srcInfo->scanStride);
> 324:         if (pf != NULL) {

I don't think any of these changes in this file are necessary.
pf is null IFF sw_surface == JNI_FALSE and in that case, we never end the loop where pf is needed.

Put another way, if you look at the call sites one is
pf != null, srcOps == NULL, sw_surface == FALSE
the other is
pf == null, srcOps != NULL, sw_surface == TRUE
and you can see that srcOps would have the same theoretical issue except that it would be a bug to call it with the wrong value of sw_surface.

So revert all changes in this file.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26799#discussion_r2310615698
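The call-site pattern the reviewer describes (pf and srcOps are never both NULL; sw_surface selects which one the function uses) as an added C illustration of why a static analyzer reports a null dereference here while the calling convention already rules it out. This is not code from the OpenJDK PR or from OGLBlitLoops.c: the struct types, the function name blit_via_texture, the tile loop and the sample values are invented stand-ins. The point it shows is that stating the precondition once, at function entry, documents the correlation between sw_surface and the two nullable pointers and distinguishes a genuine missing check from a finding that a contract elsewhere already covers.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two source descriptions a blit can take.
 * They are not the OpenJDK types; they only model the shape of the call. */
typedef struct { int bytes_per_pixel; } PixelFormat; /* meaningful only for a software surface */
typedef struct { int width; int height; } SurfaceOps; /* meaningful only for a texture source  */

/* Calling convention (the invariant the review relies on):
 *   sw_surface != 0  ->  pf must be non-NULL, src_ops is ignored
 *   sw_surface == 0  ->  src_ops must be non-NULL, pf is ignored
 * Returns the number of tiles processed, or -1 if the caller violated the
 * convention. Checking it explicitly at entry is what makes the later
 * pf-> dereference visibly safe, instead of relying on a reader (or an
 * analyzer) to cross-reference every call site. */
int blit_via_texture(const PixelFormat *pf, const SurfaceOps *src_ops,
                     int sw_surface, int tiles)
{
    if (sw_surface) {
        if (pf == NULL) return -1;
    } else {
        if (src_ops == NULL) return -1;
    }

    int processed = 0;
    for (int i = 0; i < tiles; i++) {
        if (sw_surface) {
            /* Software path: pf is non-NULL here by the precondition above. */
            if (pf->bytes_per_pixel > 0) processed++;
        } else {
            /* Texture path: src_ops is non-NULL here; pf is never touched. */
            if (src_ops->width > 0 && src_ops->height > 0) processed++;
        }
    }
    return processed;
}

int main(void)
{
    /* Constructed sample inputs: the two valid call shapes and one violation. */
    PixelFormat fmt = { 4 };
    SurfaceOps ops = { 16, 16 };
    printf("sw path:  %d\n", blit_via_texture(&fmt, NULL, 1, 3));  /* 3  */
    printf("tex path: %d\n", blit_via_texture(NULL, &ops, 0, 2));  /* 2  */
    printf("bad call: %d\n", blit_via_texture(NULL, &ops, 1, 2));  /* -1 */
    return 0;
}
```

With the precondition written out, a reviewer can see that the `if (pf != NULL)` guard inside the loop adds nothing on the software path and is never reached on the texture path, which is the reviewer's argument for reverting it.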