Request for approval: Bug 100057 - Potential stack corruption in GetJavaProperties

Alan Bateman Alan.Bateman at Sun.COM
Fri May 22 11:35:40 UTC 2009


Andrew Haley wrote:
> https://bugs.openjdk.java.net/show_bug.cgi?id=100057
>
> GetJavaProperties has a stack-allocated fixed size buffer for holding a copy of
> a string returned by setlocale(3).  However, there is no guarantee that the
> string will fit into this buffer.
>
> This one is probably due to Solaris code being reused for Linux.  The
> patch has been in IcedTea for a long while.
>
> OK to push, OpenJDK 7 and 6?
>
> Andrew
>   
I can't say I know this code very well but I see that the full-locale 
name can also be copied into temp when the locale is an alias. This 
makes me wonder if temp might need to be realloc'ed there? Also, I 
wonder if the return from malloc should be checked.

I've created a corresponding sunbug for this:
  6844255: Potential stack corruption in GetJavaProperties

-Alan
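
Added example, not part of the original message and not the OpenJDK or IcedTea code: a sketch of the three points raised in this thread (size the copy of the setlocale(3) result from the string itself, check the malloc return, and grow the buffer before copying in a longer alias expansion). The function name copy_locale_name and the alias table are hypothetical and constructed for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed alias table for illustration (hypothetical, not the JDK's data). */
struct alias { const char *name; const char *full; };
static const struct alias aliases[] = {
    { "ja", "ja_JP.eucJP" },
    { "xx", "xx_YY.constructed-long-codeset-name@constructed-variant" },
};

/* Heap copy of a locale name, expanded through the alias table.
 * Returns NULL on NULL input or allocation failure; caller frees. */
char *copy_locale_name(const char *lc)
{
    if (lc == NULL)
        return NULL;
    size_t cap = strlen(lc) + 1;          /* sized from the string, no fixed limit */
    char *temp = malloc(cap);
    if (temp == NULL)                     /* malloc return is checked */
        return NULL;
    memcpy(temp, lc, cap);

    for (size_t i = 0; i < sizeof aliases / sizeof aliases[0]; i++) {
        if (strcmp(temp, aliases[i].name) != 0)
            continue;
        size_t need = strlen(aliases[i].full) + 1;
        if (need > cap) {                 /* full name is longer: grow first */
            char *grown = realloc(temp, need);
            if (grown == NULL) {
                free(temp);
                return NULL;
            }
            temp = grown;
        }
        memcpy(temp, aliases[i].full, need);
        break;
    }
    return temp;
}

int main(void)
{
    char *name = copy_locale_name(setlocale(LC_ALL, ""));
    if (name == NULL)
        return 1;
    printf("%s\n", name);
    free(name);
    return 0;
}
```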