Integrated: 8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7

Tue, 10 Nov 2020 17:35:02 -0800 

On Mon, 9 Nov 2020 20:17:44 GMT, Sergey Bylokhov <[email protected]> wrote:

> The JavaSound supports the special system exclusive message(SysexMessage). 
> 
> An important part of the spec:
> 
>> Data of a system exclusive message should be stored in the data array of a 
>> {@code SysexMessage} as follows: the system exclusive message status byte 
>> (0xF0 or 0xF7), all message data bytes, and finally the end-of-exclusive 
>> flag (0xF7):
>> 
>> The first {@code SysexMessage} object containing data for a particular system
>> exclusive message should have the status value 0xF0. If this message contains
>> all the system exclusive data for the message, it should end with the status
>> byte 0xF7 (EOX). Otherwise, additional system exclusive data should be sent
>> in one or more {@code SysexMessages} with a status value of 0xF7. The
>> {@code SysexMessage} containing the last of the data for the system exclusive
>> message should end with the value 0xF7 (EOX) to mark the end of the system
>>  exclusive message.
> 
> In short, the text above can be represented by these examples:
> 1. SImple case: `SysexMessage{0xF0, some_data, 0xF7}`
> 2. "Continuation" sysex messages: `SysexMessage{0xF0,some_data}, 
> SysexMessage{0xF7,some_data}, SysexMessage{0xF7,some_data}, 
> SysexMessage{0xF7,some_data, 0xF7}.`
> 
> 
> Note that the second case above the "SysexMessage{0xF7,some_data}" is named 
> as a "continuation" sysex messages.
> Usually, when a create a sysex message we carefully calculate the size of the 
> message before sending it to the native code, but the "continuation" sysex 
> messages were implemented in 2003 directly in native after all checks are 
> done, and it just skips the status byte and tries to push nonexistent data to 
> the native device.
> 
> So the culprit is in the message like this:
> `SysexMessage{0xF0,some_data}, SysexMessage{0xF7}.`
> 
> The code assumes that the second message is "continuation", but it does not, 
> it just ends the previous message.
> 
> After the fix, we will not consider the 0xF7 as a continuation if there are 
> no data after.

This pull request has now been integrated.

Changeset: 5de99da7
Author:    Sergey Bylokhov <[email protected]>
URL:       https://git.openjdk.java.net/jdk/commit/5de99da7
Stats:     123 lines in 2 files changed: 121 ins; 0 del; 2 mod

8237495: Java MIDI fails with a dereferenced memory error when asked to send a 
raw 0xF7

Reviewed-by: kizune

-------------

PR: https://git.openjdk.java.net/jdk/pull/1135

Reply via email to