On Wed, 10 Nov 2021 12:46:08 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
>> This bug is caused by not sanity checking the data returned by a call to the >> Windows Clipboard `IDataObject::GetData` method. When requesting a file >> descriptor with a format of either `CFSTR_FILEDESCRIPTORA` or >> `CFSTR_FILEDESCRIPTORW`, which returns a list of file names, the first word >> of the returned data buffer is supposed to be the number of items that >> follow. Applications can put data on the clipboard in such a way that it >> will respond to a request to return the list of files from the clipboard >> with data that isn't formatted correctly, so we can't assume that the first >> word is a valid count. >> >> The fix is to check the returned buffer size against the item count. I added >> a regression test that fails before and passes after the fix. > > Kevin Rushforth has updated the pull request incrementally with one > additional commit since the last revision: > > Update check to test that bufferSize is exactly the right size tests/system/src/test/java/test/javafx/scene/input/ClipboardTest.java line 47: > 45: import sun.awt.datatransfer.SunClipboard; > 46: > 47: import static org.junit.Assert.*; I am not sure about how strict we are about using wildcard imports in tests in JavaFX. You can change this or keep it as it is, depending upon the answer to the first statement. ------------- PR: https://git.openjdk.java.net/jfx/pull/662
