On Wed, 1 Apr 2026 17:19:57 GMT, Kevin Rushforth <[email protected]> wrote:

> This PR fixes a bug in `GlassViewDelegate::convertNSStringToJString` where it 
> can return an uninitialized `jstring` value in one case.
> 
> The macOS `convertNSStringToJString` function defines a local `jstring jStr` 
> variable and returns it from the function. This variable is not initialized 
> in one code path if the call to malloc fails, so garbage can be returned. 
> Additionally, the length parameter isn't validated and could overflow.
> 
> The fix for the first problem is to initialize the `jStr` variable to `NULL`, 
> which will be used as the return value in the case where the malloc fails 
> (the caller already handles a `NULL` return value). The fix for the second is 
> a simple check to ensure the value passed to malloc does not overflow. For 
> good measure, I explicitly cast length to (size_t) although that isn't 
> strictly necessary.

The fix is trivial enough, lgtm.

Assigning `jStr` to `NULL` early on is typical for native code and probably 
safer wrt subsequent changes, even though it incurs a double assignment in 
the happy scenarios. The alternative is to assign it to NULL in the else 
block, but that creates a risk of some later change missing the assignment and 
re-introducing the issue.

-------------

Marked as reviewed by angorya (Reviewer).

PR Review: https://git.openjdk.org/jfx/pull/2135#pullrequestreview-4045881457

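The two defects the PR describes, an uninitialized return value on the malloc-failure path and an unchecked multiplication feeding malloc, are shown below in a self-contained sketch of the hardened pattern. This is an added illustration, not the JavaFX `convertNSStringToJString` code: the `jchar`/`jstring` types are stand-ins rather than real JNI types, the `xmalloc` wrapper with its `fail_next_malloc` hook is an assumed test hook used only so the allocation-failure path can be exercised, and the function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the JNI types (assumed; not the real JNI definitions). */
typedef uint16_t jchar;
typedef struct {
    size_t length;
    jchar chars[];          /* UTF-16 code units, C99 flexible array member */
} java_string;
typedef java_string *jstring;

/* Test hook (assumed): when non-zero, the next xmalloc returns NULL, which
 * lets a caller exercise the allocation-failure path deterministically. */
static int fail_next_malloc = 0;

static void *xmalloc(size_t n) {
    if (fail_next_malloc) {
        fail_next_malloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* Compute sizeof(java_string) + length * sizeof(jchar) without overflow.
 * Returns 1 and stores the size on success, 0 if the product would wrap. */
int checked_jstring_alloc_size(size_t length, size_t *out) {
    if (length > (SIZE_MAX - sizeof(java_string)) / sizeof(jchar)) {
        return 0;           /* length * sizeof(jchar) would not fit in size_t */
    }
    *out = sizeof(java_string) + length * sizeof(jchar);
    return 1;
}

/* Hardened conversion. Mirrors the fix described in the PR:
 *  - jStr is initialized to NULL up front, so every exit path that does not
 *    allocate returns NULL instead of garbage (the caller handles NULL);
 *  - length is validated and cast to size_t before the size computation. */
jstring convert_utf16_to_jstring(const jchar *src, int length) {
    jstring jStr = NULL;    /* initialized first: no path can return garbage */
    size_t alloc_size;

    if (src == NULL || length < 0) {
        return jStr;        /* invalid input: NULL, not an uninitialized value */
    }
    if (!checked_jstring_alloc_size((size_t)length, &alloc_size)) {
        return jStr;        /* would overflow the malloc argument */
    }

    jStr = (jstring)xmalloc(alloc_size);
    if (jStr != NULL) {
        jStr->length = (size_t)length;
        memcpy(jStr->chars, src, (size_t)length * sizeof(jchar));
    }
    /* If xmalloc failed, jStr is still NULL: the "else" branch the original
     * bug left unassigned is now covered by the initializer. */
    return jStr;
}

size_t jstring_length(jstring s) {
    return s ? s->length : 0;
}

void free_jstring(jstring s) {
    free(s);
}

int main(void) {
    const jchar hello[] = { 'h', 'e', 'l', 'l', 'o' };
    jstring s = convert_utf16_to_jstring(hello, 5);
    int ok = (s != NULL && jstring_length(s) == 5);
    free_jstring(s);

    fail_next_malloc = 1;   /* simulate the malloc failure the PR guards */
    ok = ok && (convert_utf16_to_jstring(hello, 5) == NULL);
    return ok ? 0 : 1;
}
```

The overflow guard cannot be triggered through an `int` length on a 64-bit build (INT_MAX code units fit comfortably in `size_t`), which is why the size computation is factored into `checked_jstring_alloc_size`: the guard is still the right thing to keep for narrower `size_t` widths, and the helper makes it testable on its own.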