Request for approval: Bug 100057 - Potential stack corruption in GetJavaProperties
Alan Bateman
Alan.Bateman at Sun.COM
Fri May 22 11:35:40 UTC 2009
Andrew Haley wrote:
> https://bugs.openjdk.java.net/show_bug.cgi?id=100057
>
> GetJavaProperties has a stack-allocated fixed size buffer for holding a copy of
> a string returned by setlocale(3). However, there is no guarantee that the
> string will fit into this buffer.
>
> This one is probably due to Solaris code being reused for Linux. The
> patch has been in IcedTea for a long while.
>
> OK to push, OpenJDK 7 and 6?
>
> Andrew
>
I can't say I know this code very well but I see that the full-locale
name can also be copied into temp when the locale is an alias. This
makes me wonder if temp might need to be realloc'ed there? Also, I
wonder if the return from malloc should be checked.
I've created a corresponding sunbug for this:
6844255: Potential stack corruption in GetJavaProperties
-Alan
More information about the core-libs-dev
mailing list