JDK-8235904 : Infinite loop when rendering huge lines
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 8,11,13,14,15
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-12-13
  • Updated: 2022-06-27
  • Resolved: 2020-01-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 Other
11.0.7Fixed 13.0.4Fixed 15 b07Fixed openjdk8u252Fixed
Description
There is a problem when rendering huge lines with the XRender pipeline, causing an infinite loop.

The Bresenham renderer in sun/java2d/xr/XRDrawLine.java overflows when calculating the clip coordinates, for example the following code (line 283):

xsteps = 2 * ysteps * ax + ay

Produces the following with the attached test case already during the first passage:

2 * 33535 * 34005 + 34005 = 2280749355

The issue seems to also be present when using the native Bresenham renderer, although I hadn't found a way to exploit this yet.

There is an old related bug describing the same issue but was marked as fixed, so this may be a regression, however the bug does not seem to have a commit in the OpenJDK code base so maybe it was fixed in the closed version only:

https://bugs.openjdk.java.net/browse/JDK-4376103

I can reproduce this problem on all the version I tried so far: 8u, 11u, 13 and latest-dev.
Comments
Fix request (13u): The original change applies cleanly.
04-06-2020
Fix request (8u-dev): Patch applies with minor change: http://cr.openjdk.java.net/~neugens/8235904-jdk8/webrev.00/jdk.changeset
24-02-2020
Fix request: The patch applies cleanly on 11u.
30-01-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/b681239b7258 User: psadhukhan Date: 2020-01-22 08:47:51 +0000
22-01-2020
URL: https://hg.openjdk.java.net/jdk/client/rev/b681239b7258 User: prr Date: 2020-01-14 23:20:55 +0000
14-01-2020
Yes, after further testing and feedback I can confirm this is only an issue with the XRender code.
07-01-2020
Confirmed it works fine with -Dsun.java2d.xrender=false on all JDKs, 8->13.
17-12-2019
When the previous bug was fixed it pre-dated the open sourcing of JDK so I expect the fix is in open code, but it explains why you can't find a commit. Also "xr" is the Xrender code path which came in much later (OpenJDK 7) so it is a bug in new code, not a regression.
17-12-2019