Minor correction: The size of the malloced area: (width height * 4) modulo 0xffffffff* is incorrect. The modulo is 2^32, not 2^32-1

I noticed that too. The author is probably confusing the fact that you can compute the modulo for a power of two by bitwise-and:ing with (the power of two) - 1.

I.e. x & 0xffffffff == x % (0xffffffff + 1) (assuming more than 32 bits everywhere).

OpenJDK, not "Java".

Not only that, it is an exploit of the C code in the OpenJDK implementation.

People should stop mixing languages with implementations.