8315074: Possible null pointer access in native glass

Reviewed-by: jvos, kcr

Author: jayathirthrao

modules/javafx.graphics/src/main/native-glass/gtk/GlassApplication.cpp

@@ -262,8 +262,13 @@ JNIEXPORT void JNICALL Java_com_sun_glass_ui_gtk_GtkApplication__1submitForLater
     (void)obj;
 
     RunnableContext* context = (RunnableContext*)malloc(sizeof(RunnableContext));
-    context->runnable = env->NewGlobalRef(runnable);
-    gdk_threads_add_idle_full(G_PRIORITY_HIGH_IDLE + 30, call_runnable, context, NULL);
+    if (context != NULL) {
+        context->runnable = env->NewGlobalRef(runnable);
+        gdk_threads_add_idle_full(G_PRIORITY_HIGH_IDLE + 30, call_runnable, context, NULL);
+        // we release this context in call_runnable
+    } else {
+        fprintf(stderr, "malloc failed in GtkApplication__1submitForLaterInvocation\n");
+    }
 }
 
 /*

modules/javafx.graphics/src/main/native-glass/gtk/GlassTimer.cpp

@@ -45,10 +45,16 @@ JNIEXPORT jlong JNICALL Java_com_sun_glass_ui_gtk_GtkTimer__1start
     (void)obj;
 
     RunnableContext* context = (RunnableContext*) malloc(sizeof(RunnableContext));
-    context->runnable = env->NewGlobalRef(runnable);
-    context->flag = 0;
-    gdk_threads_add_timeout_full(G_PRIORITY_HIGH_IDLE, period, call_runnable_in_timer, context, NULL);
-    return PTR_TO_JLONG(context);
+    if (context != NULL) {
+        context->runnable = env->NewGlobalRef(runnable);
+        context->flag = 0;
+        gdk_threads_add_timeout_full(G_PRIORITY_HIGH_IDLE, period, call_runnable_in_timer, context, NULL);
+        return PTR_TO_JLONG(context);
+    } else {
+        // we throw RuntimeException on Java side when we can't
+        // start the timer
+        return 0L;
+    }
 }
 
 /*

modules/javafx.graphics/src/main/native-glass/gtk/glass_general.h

@@ -96,6 +96,12 @@ struct jni_exception: public std::exception {
     jstring jmessage;
 };
 
+#define SAFE_FREE(PTR)  \
+    if ((PTR) != NULL) {  \
+        free(PTR);     \
+        (PTR) = NULL;     \
+    }
+
 #define EXCEPTION_OCCURED(env) (check_and_clear_exception(env))
 
 #define CHECK_JNI_EXCEPTION(env) \

modules/javafx.graphics/src/main/native-glass/gtk/glass_window_ime.cpp

@@ -59,6 +59,12 @@ bool WindowContextBase::im_filter_keypress(GdkEventKey* event) {
         buffer = (char*)malloc(buf_len * sizeof (char));
     }
 
+    if (buffer == NULL) {
+        // dont process the key event
+        fprintf(stderr, "malloc failed in im_filter_keypress\n");
+        return false;
+    }
+
     KeySym keysym;
     Status status;
     XKeyPressedEvent xevent = convert_event(event);
@@ -74,7 +80,14 @@ bool WindowContextBase::im_filter_keypress(GdkEventKey* event) {
     int len = Xutf8LookupString(xim.ic, &xevent, buffer, buf_len - 1, &keysym, &status);
     if (status == XBufferOverflow) {
         buf_len = len + 1;
-        buffer = (char*)realloc(buffer, buf_len * sizeof (char));
+        char *tmpBuffer = (char*)realloc(buffer, buf_len * sizeof (char));
+        if (tmpBuffer == NULL) {
+            SAFE_FREE(buffer);
+            // dont process the key event
+            fprintf(stderr, "realloc failed in im_filter_keypress\n");
+            return false;
+        }
+        buffer = tmpBuffer;
         len = Xutf8LookupString(xim.ic, &xevent, buffer, buf_len - 1,
                 &keysym, &status);
     }

modules/javafx.graphics/src/main/native-glass/ios/GlassMacros.h

@@ -73,22 +73,34 @@ do {
     GlassThreadData *_GlassThreadData = (GlassThreadData*)pthread_getspecific(GlassThreadDataKey); \
     if (_GlassThreadData == NULL) \
     { \
-        _GlassThreadData = malloc(sizeof(GlassThreadData)); \
-        memset(_GlassThreadData, 0x00, sizeof(GlassThreadData)); \
-        pthread_setspecific(GlassThreadDataKey, _GlassThreadData); \
+        _GlassThreadData = calloc(1, sizeof(GlassThreadData)); \
+        if (_GlassThreadData != NULL) \
+        { \
+            pthread_setspecific(GlassThreadDataKey, _GlassThreadData); \
+        } \
+        else \
+        { \
+            fprintf(stderr, "malloc failed in GLASS_POOL_ENTER\n"); \
+        } \
     } \
-    assert(_GlassThreadData->counter >= 0); \
-    if (_GlassThreadData->counter++ == 0) \
+    if (_GlassThreadData != NULL) \
     { \
-        _GlassThreadData->pool = [[NSAutoreleasePool alloc] init]; \
+        assert(_GlassThreadData->counter >= 0); \
+        if (_GlassThreadData->counter++ == 0) \
+        { \
+            _GlassThreadData->pool = [[NSAutoreleasePool alloc] init]; \
+        } \
     }
 #define GLASS_POOL_EXIT \
-    if (--_GlassThreadData->counter == 0) \
+    if (_GlassThreadData != NULL) \
     { \
-        [_GlassThreadData->pool drain]; \
-        _GlassThreadData->pool = nil; \
+        if (--_GlassThreadData->counter == 0) \
+        { \
+            [_GlassThreadData->pool drain]; \
+            _GlassThreadData->pool = nil; \
+        } \
+        assert(_GlassThreadData->counter >= 0); \
     } \
-    assert(_GlassThreadData->counter >= 0); \
 }
 
 // variations of GLASS_POOL_ENTER/GLASS_POOL_EXIT allowing them to be used accross different calls

modules/javafx.graphics/src/main/native-glass/mac/GlassApplication.m

@@ -362,6 +362,7 @@ - (void)application:(NSApplication *)theApplication openFiles:(NSArray *)filenam
     LOG("GlassApplication:application:openFiles");
 
     GET_MAIN_JENV;
+    NSApplicationDelegateReply reply = NSApplicationDelegateReplySuccess;
     NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
     {
         NSUInteger count = [filenames count];
@@ -371,21 +372,26 @@ - (void)application:(NSApplication *)theApplication openFiles:(NSArray *)filenam
         }
         jobjectArray files = (*env)->NewObjectArray(env, (jsize)count, stringClass, NULL);
         GLASS_CHECK_EXCEPTION(env);
-        for (NSUInteger i=0; i<count; i++)
-        {
-            NSString *file = [filenames objectAtIndex:i];
-            if (file != nil)
+        if (files != NULL) {
+            for (NSUInteger i=0; i<count; i++)
             {
-                (*env)->SetObjectArrayElement(env, files, (jsize)i, (*env)->NewStringUTF(env, [file UTF8String]));
-                GLASS_CHECK_EXCEPTION(env);
+                NSString *file = [filenames objectAtIndex:i];
+                if (file != nil)
+                {
+                    (*env)->SetObjectArrayElement(env, files, (jsize)i, (*env)->NewStringUTF(env, [file UTF8String]));
+                    GLASS_CHECK_EXCEPTION(env);
+                }
             }
+            (*env)->CallVoidMethod(env, self->jApplication, [GlassHelper ApplicationNotifyOpenFilesMethod], files);
+        } else {
+            fprintf(stderr, "NewObjectArray failed in GlassApplication_application\n");
+            reply = NSApplicationDelegateReplyFailure;
         }
-        (*env)->CallVoidMethod(env, self->jApplication, [GlassHelper ApplicationNotifyOpenFilesMethod], files);
     }
     [pool drain];
     GLASS_CHECK_EXCEPTION(env);
 
-    [theApplication replyToOpenOrPrint:NSApplicationDelegateReplySuccess];
+    [theApplication replyToOpenOrPrint:reply];
 }
 
 - (BOOL)application:(NSApplication *)theApplication openFile:(NSString *)filename

modules/javafx.graphics/src/main/native-glass/mac/GlassKey.m

@@ -461,6 +461,9 @@ jcharArray GetJavaKeyChars(JNIEnv *env, NSEvent *event)
     jchar jc[16];
     [chars getCharacters:jc range:NSMakeRange(0, [chars length])];
     jcharArray jChars = (*env)->NewCharArray(env, (jsize)[chars length]);
+    if (jChars == NULL) {
+        return NULL;
+    }
     (*env)->SetCharArrayRegion(env, jChars, 0, (jsize)[chars length], jc);
     GLASS_CHECK_EXCEPTION(env);
     return jChars;

modules/javafx.graphics/src/main/native-glass/mac/GlassMacros.h

@@ -177,22 +177,34 @@ do {
     GlassThreadData *_GlassThreadData = (GlassThreadData*)pthread_getspecific(GlassThreadDataKey); \
     if (_GlassThreadData == NULL) \
     { \
-        _GlassThreadData = malloc(sizeof(GlassThreadData)); \
-        memset(_GlassThreadData, 0x00, sizeof(GlassThreadData)); \
-        pthread_setspecific(GlassThreadDataKey, _GlassThreadData); \
+        _GlassThreadData = calloc(1, sizeof(GlassThreadData)); \
+        if (_GlassThreadData != NULL) \
+        { \
+            pthread_setspecific(GlassThreadDataKey, _GlassThreadData); \
+        } \
+        else \
+        { \
+            fprintf(stderr, "malloc failed in GLASS_POOL_ENTER\n"); \
+        } \
     } \
-    assert(_GlassThreadData->counter >= 0); \
-    if (_GlassThreadData->counter++ == 0) \
+    if (_GlassThreadData != NULL) \
     { \
-        _GlassThreadData->pool = [[NSAutoreleasePool alloc] init]; \
+        assert(_GlassThreadData->counter >= 0); \
+        if (_GlassThreadData->counter++ == 0) \
+        { \
+            _GlassThreadData->pool = [[NSAutoreleasePool alloc] init]; \
+        } \
     }
 #define GLASS_POOL_EXIT \
-    if (--_GlassThreadData->counter == 0) \
+    if (_GlassThreadData != NULL) \
     { \
-        [_GlassThreadData->pool drain]; \
-        _GlassThreadData->pool = nil; \
+        if (--_GlassThreadData->counter == 0) \
+        { \
+            [_GlassThreadData->pool drain]; \
+            _GlassThreadData->pool = nil; \
+        } \
+        assert(_GlassThreadData->counter >= 0); \
     } \
-    assert(_GlassThreadData->counter >= 0); \
 }
 
 // variations of GLASS_POOL_ENTER/GLASS_POOL_EXIT allowing them to be used accross different calls