On Tue, 9 Nov 2021 16:57:58 GMT, Kevin Rushforth <k...@openjdk.org> wrote:

> This bug is caused by not sanity checking the data returned by a call to the 
> Windows Clipboard `IDataObject::GetData` method. When requesting a file 
> descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or 
> `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word 
> of the returned data buffer is supposed to be the number of items that 
> follow. Applications can put data on the clipboard in such a way that it will 
> respond to a request to return the list of files from the clipboard with data 
> that isn't formatted correctly, so we can't assume that the first word is a 
> valid count.
> 
> The fix is to check the returned buffer size against the item count. I added 
> a regression test that fails before and passes after the fix.

modules/javafx.graphics/src/main/native-glass/win/GlassClipboard.cpp line 1307:

> 1305:                         jsize bufferSize = me.size() - sizeof(UINT);
> 1306:                         if ((pdata->cItems > 0) &&
> 1307:                             (bufferSize / pdata->cItems >= itemSize))
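
Review bot: on line 1305 the subtraction `me.size() - sizeof(UINT)` and on line 1306 the read of `pdata->cItems` both assume the buffer holds at least `sizeof(UINT)` bytes, and nothing in the quoted lines checks that. If no earlier line guarantees it, add `me.size() >= sizeof(UINT)` as the first condition so a short buffer is rejected before the count is read. The division form `bufferSize / pdata->cItems >= itemSize` on line 1307 is worth keeping as written, since it cannot overflow the way multiplying an untrusted count by `itemSize` could.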

Instead of discarding all the data, have you considered reading 
`min(pdata->cItems, bufferSize / itemSize)` items?

-------------

PR: https://git.openjdk.java.net/jfx/pull/662
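
The count-versus-size check described in the quoted fix, next to the clamping alternative raised in the review comment, as an added example (not code from the JavaFX sources or from this PR). `ITEM_SIZE`, `safeItemCount`, `makeBuffer` and the record layout are hypothetical stand-ins for the buffer returned by `IDataObject::GetData`, and the sample buffers are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical fixed record size; stands in for the real per-file descriptor size.
constexpr std::size_t ITEM_SIZE = 16;

// Number of records that can be read safely from an untrusted buffer laid out as
// [32-bit count][count * ITEM_SIZE bytes]. Returns 0 when nothing should be read.
//   strict = true : reject the buffer if the claimed count does not fit.
//   strict = false: clamp to min(claimed, payload / ITEM_SIZE).
std::size_t safeItemCount(const std::uint8_t* buf, std::size_t size, bool strict) {
    std::uint32_t claimed = 0;
    if (buf == nullptr || size < sizeof claimed) return 0;  // no room for the count itself
    std::memcpy(&claimed, buf, sizeof claimed);              // alignment-safe read
    if (claimed == 0) return 0;
    const std::size_t payload = size - sizeof claimed;       // cannot underflow after the check
    const std::size_t fits = payload / ITEM_SIZE;            // division: no overflow on a huge count
    if (claimed <= fits) return claimed;                     // count is consistent with the size
    return strict ? 0 : fits;
}

// Constructed sample input: a header claiming `claimed` items, followed by
// `actual` zero-filled records.
std::vector<std::uint8_t> makeBuffer(std::uint32_t claimed, std::size_t actual) {
    std::vector<std::uint8_t> b(sizeof claimed + actual * ITEM_SIZE, 0);
    std::memcpy(b.data(), &claimed, sizeof claimed);
    return b;
}

int main() {
    const auto honest = makeBuffer(2, 2);
    const auto lying = makeBuffer(0xFFFFFFFFu, 3);
    std::printf("honest: strict=%zu clamp=%zu\n",
                safeItemCount(honest.data(), honest.size(), true),
                safeItemCount(honest.data(), honest.size(), false));
    std::printf("lying:  strict=%zu clamp=%zu\n",
                safeItemCount(lying.data(), lying.size(), true),
                safeItemCount(lying.data(), lying.size(), false));
    return 0;
}
```

Strict mode treats an inconsistent count as a sign that the whole payload is untrustworthy; clamp mode still returns the records that are physically present.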
