This bug is caused by not sanity checking the data returned by a call to the Windows Clipboard `IDataObject::GetData` method. When requesting a file descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word of the returned data buffer is supposed to be the number of items that follow. Applications can put data on the clipboard in such a way that it will respond to a request to return the list of files from the clipboard with data that isn't formatted correctly, so we can't assume that the first word is a valid count.
The fix is to check the returned buffer size against the item count. I added a regression test that fails before and passes after the fix. ------------- Commit messages: - 8274929: Crash while reading specific clipboard content Changes: https://git.openjdk.java.net/jfx/pull/662/files Webrev: https://webrevs.openjdk.java.net/?repo=jfx&pr=662&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8274929 Stats: 115 lines in 3 files changed: 111 ins; 0 del; 4 mod Patch: https://git.openjdk.java.net/jfx/pull/662.diff Fetch: git fetch https://git.openjdk.java.net/jfx pull/662/head:pull/662 PR: https://git.openjdk.java.net/jfx/pull/662
