Changeset 309 for trunk/openjdk/jdk/src/share/native

Timestamp:

Feb 13, 2012, 10:07:12 PM (14 years ago)

Author:

dmik

Message:

trunk: Merged in openjdk6 b24 from branches/vendor/oracle.

Location:

trunk/openjdk

Files:

• . (modified) (1 prop)
• jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp (modified) (3 diffs)
• jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp (modified) (2 diffs)
• jdk/src/share/native/com/sun/java/util/jar/pack/utils.h (modified) (2 diffs)
• jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c (modified) (2 diffs)
• jdk/src/share/native/sun/font/layout/SunLayoutEngine.cpp (modified) (1 diff)
• jdk/src/share/native/sun/java2d/loops/TransformHelper.c (modified) (11 diffs)

trunk/openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp

@@ -1 +1 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -1089 +1089 @@
     if (suffix == 0)  continue;  // done with empty string
     chars.malloc(size3);
+    CHECK;
     byte* chp = chars.ptr;
     band saved_band = cp_Utf8_big_chars;
     cp_Utf8_big_chars.readData(suffix);
+    CHECK;
     for (int j = 0; j < suffix; j++) {
       unsigned short ch = cp_Utf8_big_chars.getInt();
+      CHECK;
       chp = store_Utf8_char(chp, ch);
     }
@@ -1111 +1114 @@
   int prevlen = 0;  // previous string length (in chars)
   tmallocs.add(bigbuf.ptr);  // free after this block
+  CHECK;
   cp_Utf8_prefix.rewind();
   for (i = 0; i < len; i++) {
     bytes& chars = allsuffixes[i];
     int prefix = (i < PREFIX_SKIP_2)? 0: cp_Utf8_prefix.getInt();
+    CHECK;
     int suffix = chars.len;
     byte* fillp;

trunk/openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp

@@ -1 +1 @@
 /*
- * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -53 +53 @@
     msize = sizeof(int);  // see 0xbaadf00d below
   #endif
-  void* ptr = (msize > PSIZE_MAX) ? null : malloc(msize);
+  void* ptr = (msize > PSIZE_MAX || msize <= 0) ? null : malloc(msize);
   if (ptr != null) {
     memset(ptr, 0, size);

trunk/openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.h

@@ -1 +1 @@
 /*
- * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -34 +34 @@
 
 // overflow management
-#define OVERFLOW ((size_t)-1)
+#define OVERFLOW ((uint)-1)
 #define PSIZE_MAX (OVERFLOW/2)  /* normal size limit */
 

trunk/openjdk/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c

@@ -41 +41 @@
 #include <assert.h>
 #include <string.h>
+#include <limits.h>
 
 
@@ -1922 +1923 @@
 
     // Allocate a 1-scanline buffer
+    if (cinfo->num_components <= 0 ||
+        cinfo->image_width > (UINT_MAX / (unsigned int)cinfo->num_components))
+    {
+        RELEASE_ARRAYS(env, data, src->next_input_byte);
+        JNU_ThrowByName(env, "javax/imageio/IIOException",
+                        "Invalid number of color components");
+        return data->abortFlag;
+    }
     scanLinePtr = (JSAMPROW)malloc(cinfo->image_width*cinfo->num_components);
     if (scanLinePtr == NULL) {

trunk/openjdk/jdk/src/share/native/sun/font/layout/SunLayoutEngine.cpp

@@ -187 +187 @@
   jchar* chars = buffer;
   if (len > 256) {
-    chars = (jchar*)malloc(len * sizeof(jchar));
+    size_t size = len * sizeof(jchar);
+    if (size / sizeof(jchar) != len) {
+      return;
+    }
+    chars = (jchar*)malloc(size);
     if (chars == 0) {
       return;

trunk/openjdk/jdk/src/share/native/sun/java2d/loops/TransformHelper.c

@@ -1 +1 @@
 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -76 +76 @@
 
 /*
+ * The dxydxy parameters of the inverse transform determine how
+ * quickly we step through the source image.  For tiny scale
+ * factors (on the order of 1E-16 or so) the stepping distances
+ * are huge.  The image has been scaled so small that stepping
+ * a single pixel in device space moves the sampling point by
+ * billions (or more) pixels in the source image space.  These
+ * huge stepping values can overflow the whole part of the longs
+ * we use for the fixed point stepping equations and so we need
+ * a more robust solution.  We could simply iterate over every
+ * device pixel, use the inverse transform to transform it back
+ * into the source image coordinate system and then test it for
+ * being in range and sample pixel-by-pixel, but that is quite
+ * a bit more expensive.  Fortunately, if the scale factors are
+ * so tiny that we overflow our long values then the number of
+ * pixels we are planning to visit should be very tiny.  The only
+ * exception to that rule is if the scale factor along one
+ * dimension is tiny (creating the huge stepping values), and
+ * the scale factor along the other dimension is fairly regular
+ * or an up-scale.  In that case we have a lot of pixels along
+ * the direction of the larger axis to sample, but few along the
+ * smaller axis.  Though, pessimally, with an added shear factor
+ * such a linearly tiny image could have bounds that cover a large
+ * number of pixels.  Such odd transformations should be very
+ * rare and the absolute limit on calculations would involve a
+ * single reverse transform of every pixel in the output image
+ * which is not fast, but it should not cause an undue stall
+ * of the rendering software.
+ *
+ * The specific test we will use is to calculate the inverse
+ * transformed values of every corner of the destination bounds
+ * (in order to be user-clip independent) and if we can
+ * perform a fixed-point-long inverse transform of all of
+ * those points without overflowing we will use the fast
+ * fixed point algorithm.  Otherwise we will use the safe
+ * per-pixel transform algorithm.
+ * The 4 corners are 0,0, 0,dsth, dstw,0, dstw,dsth
+ * Transformed they are:
+ *     tx,               ty
+ *     tx       +dxdy*H, ty       +dydy*H
+ *     tx+dxdx*W,        ty+dydx*W
+ *     tx+dxdx*W+dxdy*H, ty+dydx*W+dydy*H
+ */
+/* We reject coordinates not less than 1<<30 so that the distance between */
+/* any 2 of them is less than 1<<31 which would overflow into the sign */
+/* bit of a signed long value used to represent fixed point coordinates. */
+#define TX_FIXED_UNSAFE(v)  (fabs(v) >= (1<<30))
+static jboolean
+checkOverflow(jint dxoff, jint dyoff,
+              SurfaceDataBounds *pBounds,
+              TransformInfo *pItxInfo,
+              jdouble *retx, jdouble *rety)
+{
+    jdouble x, y;
+
+    x = dxoff+pBounds->x1+0.5; /* Center of pixel x1 */
+    y = dyoff+pBounds->y1+0.5; /* Center of pixel y1 */
+    Transform_transform(pItxInfo, &x, &y);
+    *retx = x;
+    *rety = y;
+    if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) {
+        return JNI_TRUE;
+    }
+
+    x = dxoff+pBounds->x2-0.5; /* Center of pixel x2-1 */
+    y = dyoff+pBounds->y1+0.5; /* Center of pixel y1 */
+    Transform_transform(pItxInfo, &x, &y);
+    if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) {
+        return JNI_TRUE;
+    }
+
+    x = dxoff+pBounds->x1+0.5; /* Center of pixel x1 */
+    y = dyoff+pBounds->y2-0.5; /* Center of pixel y2-1 */
+    Transform_transform(pItxInfo, &x, &y);
+    if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) {
+        return JNI_TRUE;
+    }
+
+    x = dxoff+pBounds->x2-0.5; /* Center of pixel x2-1 */
+    y = dyoff+pBounds->y2-0.5; /* Center of pixel y2-1 */
+    Transform_transform(pItxInfo, &x, &y);
+    if (TX_FIXED_UNSAFE(x) || TX_FIXED_UNSAFE(y)) {
+        return JNI_TRUE;
+    }
+
+    return JNI_FALSE;
+}
+
+/*
  * Fill the edge buffer with pairs of coordinates representing the maximum
  * left and right pixels of the destination surface that should be processed
@@ -83 +171 @@
  * source coordinate that falls within the (0, 0, sw, sh) bounds of the
  * source image should be processed.
- * pEdgeBuf points to an array of jints that holds MAXEDGES*2 values.
- * If more storage is needed, then this function allocates a new buffer.
- * In either case, a pointer to the buffer actually used to store the
- * results is returned.
- * The caller is responsible for freeing the buffer if the return value
- * is not the same as the original pEdgeBuf passed in.
+ * pEdges points to an array of jints that holds 2 + numedges*2 values where
+ * numedges should match (pBounds->y2 - pBounds->y1).
+ * The first two jints in pEdges should be set to y1 and y2 and every pair
+ * of jints after that represent the xmin,xmax of all pixels in range of
+ * the transformed blit for the corresponding scanline.
  */
-static jint *
-calculateEdges(jint *pEdgeBuf,
+static void
+calculateEdges(jint *pEdges,
                SurfaceDataBounds *pBounds,
                TransformInfo *pItxInfo,
@@ -97 +184 @@
                juint sw, juint sh)
 {
-    jint *pEdges;
     jlong dxdxlong, dydxlong;
     jlong dxdylong, dydylong;
@@ -112 +198 @@
     dx2 = pBounds->x2;
     dy2 = pBounds->y2;
-    if ((dy2-dy1) > MAXEDGES) {
-        pEdgeBuf = malloc(2 * (dy2-dy1) * sizeof (*pEdges));
-    }
-    pEdges = pEdgeBuf;
+    *pEdges++ = dy1;
+    *pEdges++ = dy2;
 
     drowxlong = (dx2-dx1-1) * dxdxlong;
@@ -156 +240 @@
         dy1++;
     }
-
-    return pEdgeBuf;
 }
+
+static void
+Transform_SafeHelper(JNIEnv *env,
+                     SurfaceDataOps *srcOps,
+                     SurfaceDataOps *dstOps,
+                     SurfaceDataRasInfo *pSrcInfo,
+                     SurfaceDataRasInfo *pDstInfo,
+                     NativePrimitive *pMaskBlitPrim,
+                     CompositeInfo *pCompInfo,
+                     TransformHelperFunc *pHelperFunc,
+                     TransformInterpFunc *pInterpFunc,
+                     RegionData *pClipInfo, TransformInfo *pItxInfo,
+                     jint *pData, jint *pEdges,
+                     jint dxoff, jint dyoff, jint sw, jint sh);
 
 /*
@@ -188 +284 @@
     TransformHelperFunc *pHelperFunc;
     TransformInterpFunc *pInterpFunc;
-    jint edgebuf[MAXEDGES * 2];
+    jdouble xorig, yorig;
+    jlong numedges;
     jint *pEdges;
-    jdouble x, y;
-    jlong xbase, ybase;
-    jlong dxdxlong, dydxlong;
-    jlong dxdylong, dydylong;
+    jint edgebuf[2 + MAXEDGES * 2];
+    union {
+        jlong align;
+        jint data[LINE_SIZE];
+    } rgb;
 
 #ifdef MAKE_STUBS
@@ -270 +368 @@
         != SD_SUCCESS)
     {
+        /* edgeArray should already contain zeros for min/maxy */
         return;
     }
@@ -276 +375 @@
     {
         SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
+        /* edgeArray should already contain zeros for min/maxy */
         return;
     }
     Region_IntersectBounds(&clipInfo, &dstInfo.bounds);
 
+    numedges = (((jlong) dstInfo.bounds.y2) - ((jlong) dstInfo.bounds.y1));
+    if (numedges <= 0) {
+        pEdges = NULL;
+    } else if (!JNU_IsNull(env, edgeArray)) {
+        /*
+         * Ideally Java should allocate an array large enough, but if
+         * we ever have a miscommunication about the number of edge
+         * lines, or if the Java array calculation should overflow to
+         * a positive number and succeed in allocating an array that
+         * is too small, we need to verify that it can still hold the
+         * number of integers that we plan to store to be safe.
+         */
+        jsize edgesize = (*env)->GetArrayLength(env, edgeArray);
+        /* (edgesize/2 - 1) should avoid any overflow or underflow. */
+        pEdges = (((edgesize / 2) - 1) >= numedges)
+            ? (*env)->GetPrimitiveArrayCritical(env, edgeArray, NULL)
+            : NULL;
+    } else if (numedges > MAXEDGES) {
+        /* numedges variable (jlong) can be at most ((1<<32)-1) */
+        /* memsize can overflow a jint, but not a jlong */
+        jlong memsize = ((numedges * 2) + 2) * sizeof(*pEdges);
+        pEdges = (memsize == ((size_t) memsize))
+            ? malloc((size_t) memsize)
+            : NULL;
+    } else {
+        pEdges = edgebuf;
+    }
+    if (pEdges == NULL) {
+        if (numedges > 0) {
+            JNU_ThrowInternalError(env, "Unable to allocate edge list");
+        }
+        SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
+        SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
+        /* edgeArray should already contain zeros for min/maxy */
+        return;
+    }
+
     Transform_GetInfo(env, itxform, &itxInfo);
-    dxdxlong = DblToLong(itxInfo.dxdx);
-    dydxlong = DblToLong(itxInfo.dydx);
-    dxdylong = DblToLong(itxInfo.dxdy);
-    dydylong = DblToLong(itxInfo.dydy);
-    x = dxoff+dstInfo.bounds.x1+0.5; /* Center of pixel x1 */
-    y = dyoff+dstInfo.bounds.y1+0.5; /* Center of pixel y1 */
-    Transform_transform(&itxInfo, &x, &y);
-    xbase = DblToLong(x);
-    ybase = DblToLong(y);
-
-    pEdges = calculateEdges(edgebuf, &dstInfo.bounds, &itxInfo,
-                            xbase, ybase, sx2-sx1, sy2-sy1);
 
     if (!Region_IsEmpty(&clipInfo)) {
         srcOps->GetRasInfo(env, srcOps, &srcInfo);
         dstOps->GetRasInfo(env, dstOps, &dstInfo);
-        if (srcInfo.rasBase && dstInfo.rasBase) {
-            union {
-                jlong align;
-                jint data[LINE_SIZE];
-            } rgb;
+        if (srcInfo.rasBase == NULL || dstInfo.rasBase == NULL) {
+            pEdges[0] = pEdges[1] = 0;
+        } else if (checkOverflow(dxoff, dyoff, &dstInfo.bounds,
+                                 &itxInfo, &xorig, &yorig))
+        {
+            Transform_SafeHelper(env, srcOps, dstOps,
+                                 &srcInfo, &dstInfo,
+                                 pMaskBlitPrim, &compInfo,
+                                 pHelperFunc, pInterpFunc,
+                                 &clipInfo, &itxInfo, rgb.data, pEdges,
+                                 dxoff, dyoff, sx2-sx1, sy2-sy1);
+        } else {
             SurfaceDataBounds span;
+            jlong dxdxlong, dydxlong;
+            jlong dxdylong, dydylong;
+            jlong xbase, ybase;
+
+            dxdxlong = DblToLong(itxInfo.dxdx);
+            dydxlong = DblToLong(itxInfo.dydx);
+            dxdylong = DblToLong(itxInfo.dxdy);
+            dydylong = DblToLong(itxInfo.dydy);
+            xbase = DblToLong(xorig);
+            ybase = DblToLong(yorig);
+
+            calculateEdges(pEdges, &dstInfo.bounds, &itxInfo,
+                           xbase, ybase, sx2-sx1, sy2-sy1);
 
             Region_StartIteration(env, &clipInfo);
@@ -319 +464 @@
                     /* Note - process at most one scanline at a time. */
 
-                    dx1 = pEdges[(dy1 - dstInfo.bounds.y1) * 2];
-                    dx2 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 1];
+                    dx1 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 2];
+                    dx2 = pEdges[(dy1 - dstInfo.bounds.y1) * 2 + 3];
                     if (dx1 < span.x1) dx1 = span.x1;
                     if (dx2 > span.x2) dx2 = span.x2;
@@ -377 +522 @@
         SurfaceData_InvokeRelease(env, dstOps, &dstInfo);
         SurfaceData_InvokeRelease(env, srcOps, &srcInfo);
+    } else {
+        pEdges[0] = pEdges[1] = 0;
+    }
+    if (!JNU_IsNull(env, edgeArray)) {
+        (*env)->ReleasePrimitiveArrayCritical(env, edgeArray, pEdges, 0);
+    } else if (pEdges != edgebuf) {
+        free(pEdges);
     }
     SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
     SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
-    if (!JNU_IsNull(env, edgeArray)) {
-        (*env)->SetIntArrayRegion(env, edgeArray, 0, 1, &dstInfo.bounds.y1);
-        (*env)->SetIntArrayRegion(env, edgeArray, 1, 1, &dstInfo.bounds.y2);
-        (*env)->SetIntArrayRegion(env, edgeArray,
-                                  2, (dstInfo.bounds.y2 - dstInfo.bounds.y1)*2,
-                                  pEdges);
-    }
-    if (pEdges != edgebuf) {
-        free(pEdges);
-    }
+}
+
+static void
+Transform_SafeHelper(JNIEnv *env,
+                     SurfaceDataOps *srcOps,
+                     SurfaceDataOps *dstOps,
+                     SurfaceDataRasInfo *pSrcInfo,
+                     SurfaceDataRasInfo *pDstInfo,
+                     NativePrimitive *pMaskBlitPrim,
+                     CompositeInfo *pCompInfo,
+                     TransformHelperFunc *pHelperFunc,
+                     TransformInterpFunc *pInterpFunc,
+                     RegionData *pClipInfo, TransformInfo *pItxInfo,
+                     jint *pData, jint *pEdges,
+                     jint dxoff, jint dyoff, jint sw, jint sh)
+{
+    SurfaceDataBounds span;
+    jint dx1, dx2;
+    jint dy1, dy2;
+    jint i, iy;
+
+    dy1 = pDstInfo->bounds.y1;
+    dy2 = pDstInfo->bounds.y2;
+    dx1 = pDstInfo->bounds.x1;
+    dx2 = pDstInfo->bounds.x2;
+    pEdges[0] = dy1;
+    pEdges[1] = dy2;
+    for (iy = dy1; iy < dy2; iy++) {
+        jint i = (iy - dy1) * 2;
+        /* row spans are set to max,min until we find a pixel in range below */
+        pEdges[i + 2] = dx2;
+        pEdges[i + 3] = dx1;
+    }
+
+    Region_StartIteration(env, pClipInfo);
+    while (Region_NextIteration(pClipInfo, &span)) {
+        dy1 = span.y1;
+        dy2 = span.y2;
+        while (dy1 < dy2) {
+            dx1 = span.x1;
+            dx2 = span.x2;
+            i = (dy1 - pDstInfo->bounds.y1) * 2;
+            while (dx1 < dx2) {
+                jdouble x, y;
+                jlong xlong, ylong;
+
+                x = dxoff + dx1 + 0.5;
+                y = dyoff + dy1 + 0.5;
+                Transform_transform(pItxInfo, &x, &y);
+                xlong = DblToLong(x);
+                ylong = DblToLong(y);
+
+                /* Process only pixels with centers in bounds
+                 * Test double values to avoid overflow in conversion
+                 * to long values and then also test the long values
+                 * in case they rounded up and out of bounds during
+                 * the conversion.
+                 */
+                if (x >= 0 && y >= 0 && x < sw && y < sh &&
+                    WholeOfLong(xlong) < sw &&
+                    WholeOfLong(ylong) < sh)
+                {
+                    void *pDst;
+
+                    if (pEdges[i + 2] > dx1) {
+                        pEdges[i + 2] = dx1;
+                    }
+                    if (pEdges[i + 3] <= dx1) {
+                        pEdges[i + 3] = dx1 + 1;
+                    }
+
+                    /* Get IntArgbPre pixel data from source */
+                    (*pHelperFunc)(pSrcInfo,
+                                   pData, 1,
+                                   xlong, 0,
+                                   ylong, 0);
+
+                    /* Interpolate result pixels if needed */
+                    if (pInterpFunc) {
+                        (*pInterpFunc)(pData, 1,
+                                       FractOfLong(xlong-LongOneHalf), 0,
+                                       FractOfLong(ylong-LongOneHalf), 0);
+                    }
+
+                    /* Store/Composite interpolated pixels into dest */
+                    pDst = PtrCoord(pDstInfo->rasBase,
+                                    dx1, pDstInfo->pixelStride,
+                                    dy1, pDstInfo->scanStride);
+                    (*pMaskBlitPrim->funcs.maskblit)(pDst, pData,
+                                                     0, 0, 0,
+                                                     1, 1,
+                                                     pDstInfo, pSrcInfo,
+                                                     pMaskBlitPrim,
+                                                     pCompInfo);
+                }
+
+                /* Increment to next input pixel */
+                dx1++;
+            }
+
+            /* Increment to next scanline */
+            dy1++;
+        }
+    }
+    Region_EndIteration(env, pClipInfo);
 }