Request for approval: Bug 100057 - Potential stack corruption in GetJavaProperties

David Holmes - Sun Microsystems David.Holmes at Sun.COM
Fri May 22 11:58:35 UTC 2009


Andrew Haley said the following on 05/22/09 21:45:
> David Holmes - Sun Microsystems wrote:
> 
>> If you use malloc then you have to check for a NULL return and deal with
>> the error possibility.
>>
>> Alternatively use strncpy to make sure it's safe and continue to assume
>> that it will be big enough.
> 
> It's just following the style used throughout that file, which is to
> allocate memory (usually via strdup) but not check the retval.

Hmmm. In most (all?) cases though that just results in a NULL being 
stored in a property. Here if we get NULL we try to write into that 
space - and that's not good. Can't say for sure all the strdup uses are 
safe though.

The risk of fixing old code is that suddenly people notice everything 
else that's wrong with it.

> OK.  I'll check for the NULL, then.  If I have to change the patch that's
> been in IcedTea for ages then I'll use strdup instead of malloc.  

I do wonder why strdup wasn't used in the first place.

It also appears that the strdup of lc is never freed.

> But what
> is one supposed to do if the allocation fails?  Simply emit an error
> message to stderr and call abort() ?

Throw an OutOfMemory exception - see the use of JNU_ThrowByName later in 
the function.

Cheers,
David

> Andrew.
> 
> 
>> Andrew Haley said the following on 05/22/09 21:10:
>>> https://bugs.openjdk.java.net/show_bug.cgi?id=100057
>>>
>>> GetJavaProperties has a stack-allocated fixed size buffer for holding
>>> a copy of
>>> a string returned by setlocale(3).  However, there is no guarantee
>>> that the
>>> string will fit into this buffer.
>>>
>>> This one is probably due to Solaris code being reused for Linux.  The
>>> patch has been in IcedTea for a long while.
>>>
>>> OK to push, OpenJDK 7 and 6?
>>>
>>> Andrew.
>>>
>>>
>>> ---
>>> oldopenjdk6/jdk/src/solaris/native/java/lang/java_props_md.c       
>>> 2008-08-28 04:15:51.000000000 -0400
>>> +++ openjdk/jdk/src/solaris/native/java/lang/java_props_md.c   
>>> 2008-09-15 10:37:26.000000000 -0400
>>> @@ -211,7 +211,9 @@
>>>               * <language name>_<country name>.<encoding
>>> name>@<variant name>
>>>               * <country name>, <encoding name>, and <variant name>
>>> are optional.
>>>               */
>>> -            char temp[64];
>>> +           char * temp;
>>> +           temp = (char*) malloc(strlen(lc)+1);
>>> +
>>>              char *language = NULL, *country = NULL, *variant = NULL,
>>>                   *encoding = NULL;
>>>              char *std_language = NULL, *std_country = NULL,
>>> *std_variant = NULL,
>>> @@ -323,6 +325,9 @@
>>>              /* return same result nl_langinfo would return for en_UK,
>>>               * in order to use optimizations. */
>>>              std_encoding = (*p != '\0') ? p : "ISO8859-1";
>>> +
>>> +           /* Free temp */
>>> +           free(temp);
>>>
>>>
>>>  #ifdef __linux__
> 



More information about the core-libs-dev mailing list