On Wed, 10 Nov 2021 01:06:40 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
>> Then shouldn't we also not trust the data if `bufferSize` is larger than it
>> needs to be? The documentation of `FILEGROUPDESCRIPTORA/W` says that
>> `cItems` should correspond exactly to the number of items in the array that
>> follows.
>
>> Then shouldn't we also not trust the data if bufferSize is larger than it
>> needs to be?
>
> Yes, that's a good point.
>
> In order to avoid integer overflow, I'll probably leave the two existing
> tests, and add a third (or else do the test using a `jlong`). Something like
> this should work:
>
> ```cpp
> jsize bufferSize = me.size() - sizeof(UINT);
> if ((pdata->cItems > 0) &&
>     (bufferSize / pdata->cItems >= itemSize) &&
>     (bufferSize == pdata->cItems * itemSize))
> ```
>
> I'll update this tomorrow.

Fixed. I decided it was cleaner to use `jlong` and just have the equality check.

-------------

PR: https://git.openjdk.java.net/jfx/pull/662
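To make the overflow the thread is guarding against concrete, here is an added example (not code from the PR): the 32-bit product check beside the `jlong` form that was merged and the division-guarded form from the quoted reply. `int32_t`/`int64_t` stand in for `jsize`/`jlong`, and the 592-byte item size is assumed from `sizeof(FILEDESCRIPTORW)` as sample input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sample item size (sizeof(FILEDESCRIPTORW) on Win32). */
#define ITEM_SIZE 592u

/* Unsafe form: cItems * itemSize is computed in 32 bits and wraps mod 2^32,
 * so a crafted cItems can make the product equal a small bufferSize. */
bool size_check_32bit(uint32_t bufferSize, uint32_t cItems, uint32_t itemSize)
{
    return cItems > 0 && bufferSize == cItems * itemSize;
}

/* Form the PR settled on: widen to a 64-bit jlong, then require equality. */
bool size_check_64bit(uint32_t bufferSize, uint32_t cItems, uint32_t itemSize)
{
    int64_t need = (int64_t)cItems * (int64_t)itemSize;
    return cItems > 0 && (int64_t)bufferSize == need;
}

/* Alternative from the quoted reply: a division guard keeps the
 * multiplication from wrapping, then the same exact-equality test. */
bool size_check_div(uint32_t bufferSize, uint32_t cItems, uint32_t itemSize)
{
    return cItems > 0 && bufferSize / cItems >= itemSize
        && bufferSize == cItems * itemSize;
}

/* Whole descriptor check: the medium must hold the UINT cItems header
 * followed by exactly cItems items, no fewer and no more. */
bool descriptor_is_consistent(uint64_t mediumSize, uint32_t cItems, uint32_t itemSize)
{
    if (mediumSize < sizeof(uint32_t)) return false;   /* no room for cItems */
    int64_t bufferSize = (int64_t)mediumSize - (int64_t)sizeof(uint32_t);
    return cItems > 0 && bufferSize == (int64_t)cItems * (int64_t)itemSize;
}

int main(void)
{
    /* Constructed hostile header: 0x10000001 * 592 wraps to 592 in 32 bits,
     * so one item's worth of bytes claims 268435457 items. */
    uint32_t bufferSize = ITEM_SIZE, cItems = 268435457u;
    printf("32-bit check accepts: %d\n", size_check_32bit(bufferSize, cItems, ITEM_SIZE));
    printf("64-bit check accepts: %d\n", size_check_64bit(bufferSize, cItems, ITEM_SIZE));
    printf("div-guard accepts:    %d\n", size_check_div(bufferSize, cItems, ITEM_SIZE));
    return 0;
}
```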