[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c

David Holmes david.holmes at oracle.com
Thu Aug 2 02:14:36 UTC 2012


Andrew et al,

AFAICS here:

    encoding_variant = malloc(strlen(temp)+1);
    if (encoding_variant == NULL) {
        JNU_ThrowOutOfMemoryError(env, NULL);
        return 0;
    }

we also need to do free(temp). Similarly later where we return with OOM 
due to realloc failure, don't we also need to free what was previously 
malloc'd?

David

On 2/08/2012 7:18 AM, Andrew Hughes wrote:
>
>
> ----- Original Message -----
>> On 01/08/2012 14:52, Andrew Hughes wrote:
>>> :
>>>
>>>
>>> In any case, there is a Sun bug open for this:
>>>
>>> 6844255: Potential stack corruption in GetJavaProperties
>>>
>>> Can I take it that I can just get on and push Omair's extended
>>> version now then,
>>> with that bug ID?
>> Yes, go ahead, I should have said that in my mail.
>>
>
> Thanks.
>
> Done: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-August/010993.html
>
> with Omair as author and yourself and I as reviewers.
>
>>> Well, the locale can be set by an environment variable, so it could
>>> potentially
>>> be anything of any length...
>>>
>>> The Debian bug posted above has an example, though I couldn't
>>> replicate it.
>>>
>> I couldn't replicate it either and was just curious if anyone managed
>> to
>> demonstrate it.
>>
>
> Yeah, I tend to think it's more potentially exploitable rather than something
> that's actually been hit.
>
>> -Alan.
>>
>
> Thanks,
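
The error-path cleanup raised in the message above, as an added example that is not part of the original mail or the JDK source: a counting allocator fails one chosen allocation and reports how many blocks remain allocated with and without the extra frees. `parse_locale`, `leaked`, the `x_*` wrappers and the sample locale string are hypothetical names and values constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed test allocator: fails the fail_at-th call, counts live blocks. */
static int fail_at, calls, live;
static void *x_realloc(void *p, size_t n) {
    if (++calls == fail_at) return NULL;  /* on failure the old block stays valid */
    void *q = realloc(p, n);
    if (q != NULL && p == NULL) live++;
    return q;
}
static void *x_malloc(size_t n) { return x_realloc(NULL, n); }
static void x_free(void *p) { if (p != NULL) { live--; free(p); } }

/* Hypothetical stand-in for the locale parsing: heap buffers sized from the
   input, then a realloc. cleanup=0 models returning on OOM without freeing. */
static int parse_locale(const char *lc, char **enc_out, int cleanup) {
    char *temp = x_malloc(strlen(lc) + 1);
    if (temp == NULL) return 0;
    strcpy(temp, lc);
    char *dot = strchr(temp, '.');
    const char *enc = dot ? dot + 1 : "";
    char *variant = x_malloc(strlen(enc) + 1);
    if (variant == NULL) {
        if (cleanup) x_free(temp);        /* the free(temp) asked for above */
        return 0;
    }
    strcpy(variant, enc);
    char *grown = x_realloc(variant, strlen(variant) + 16);
    if (grown == NULL) {                  /* variant is still allocated here */
        if (cleanup) { x_free(variant); x_free(temp); }
        return 0;
    }
    x_free(temp);
    *enc_out = grown;
    return 1;
}
/* Blocks still allocated after a run in which allocation number nth fails. */
static int leaked(int nth, int cleanup) {
    char *enc = NULL;
    fail_at = nth; calls = 0; live = 0;
    if (parse_locale("en_US.UTF-8@euro", &enc, cleanup)) x_free(enc);
    return live;
}

int main(void) {
    for (int nth = 0; nth <= 3; nth++)
        printf("fail #%d: leaked %d without cleanup, %d with cleanup\n",
               nth, leaked(nth, 0), leaked(nth, 1));
    return 0;
}
```

Failing the second allocation leaves `temp` behind, and failing the `realloc` leaves both `temp` and the block that `realloc` did not free.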


