[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
Andrew Hughes
ahughes at redhat.com
Fri Aug 3 15:59:56 UTC 2012
----- Original Message -----
> On 02/08/2012 03:14, David Holmes wrote:
> > Andrew et al,
> >
> > AFAICS here:
> >
> > 220 encoding_variant = malloc(strlen(temp)+1);
> > 221 if (encoding_variant == NULL) {
> > 222 JNU_ThrowOutOfMemoryError(env, NULL);
> > 223 return 0;
> > 224 }
> >
> > we also need to do free(temp). Similarly later where we return with
> > OOM due to realloc failure, don't we also need to free what was
> > previously malloc'd?
> >
> > David
> I see there are follow-on mails to this but just to say that this is
> System.initProperties time so if there is a malloc failure this early
> in
> startup then it will cause the VM initialization to fail. So for
> completeness (and perhaps native memory leak detection tools) then I
> agree but if we do have problems here then we aren't go to go very
> far.
>
This was my thinking too when I first spotted it. I've now posted a webrev
following David's suggestions.
> -Alan.
>
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the core-libs-dev
mailing list