RFR [8043507]: javax.smartcardio.CardTerminals.list() fails on MacOSX
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Fri May 23 00:25:38 UTC 2014
Looks good.
Thanks,
Valerie
On 05/22/14 00:25, Ivan Gerasimov wrote:
>
> On 22.05.2014 3:13, Valerie (Yu-Ching) Peng wrote:
>> Looks good.
>>
> Thank you Valerie!
>
>> Have you looked for similar problems in the code? I wonder if this is
>> the only occurrence.
>>
> I've scanned through the rest of pcsc.c and found a few other places
> that can potentially have the same issue.
> In all the places the variable is declared to be 64 bit integer, but
> the library function expects a pointer to 32 bit integer.
> I didn't check whether the bugs can really be observed there, but
> think it's better to play safe and initialize variables to zero before
> passing a pointer to them to a library function.
>
> Would you please take a look at the updated webrev?
>
> WEBREV: http://cr.openjdk.java.net/~igerasim/8043507/1/webrev/
>
> Sincerely yours,
> Ivan
>
>
>> Thanks,
>> Valerie
>>
>> On 05/20/14 04:00, Ivan Gerasimov wrote:
>>> Hello!
>>>
>>> The function javax.smartcardio.CardTerminals.list() sometimes fails
>>> when called from an app running on MacOSX.
>>> The problem is that CALL_SCardListReaders(_, _, _, &size)
>>> expects the size variable to be of size uint32_t on OS X, but we
>>> provide a pointer to 64 bit int instead.
>>> As a result, the higher bits may contain garbage upon return, and we
>>> try to allocate a too large block of memory.
>>>
>>> The simplest solution is to initialize 'size' to zero before the call.
>>>
>>> No new tests with the fix, as the existing tests already demonstrate
>>> intermittent failures because of this bug.
>>>
>>> For example, I've seen how
>>> ./sun/security/smartcardio/TestDefault.java failed once on every few
>>> hundred runs.
>>> With the fix this test doesn't fail even when running in a loop with
>>> thousands of iterations.
>>>
>>> Would you please review this simple fix?
>>>
>>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8043507
>>> WEBREV: http://cr.openjdk.java.net/~igerasim/8043507/0/webrev/
>>>
>>> Sincerely yours,
>>> Ivan
>>
>>
>>
>
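The width mismatch discussed in this thread, as an added example that is not code from pcsc.c or the webrev: `mock_list_readers` is a hypothetical stand-in for a library call that writes a 32-bit size, and the 0xAA fill is a constructed substitute for leftover stack bytes. It also goes one step beyond the thread by showing a correctly typed temporary, which does not depend on byte order the way zero-initialization does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a library call that treats its out-parameter
 * as a 32-bit integer: it writes exactly 4 bytes at the given address. */
static void mock_list_readers(void *pcch_readers)
{
    uint32_t needed = 42;              /* constructed sample buffer size */
    memcpy(pcch_readers, &needed, sizeof needed);
}

static int is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

/* Bug pattern: 64-bit variable holding stale bytes (simulated with 0xAA). */
static uint64_t size_with_garbage(void)
{
    uint64_t size;
    memset(&size, 0xAA, sizeof size);
    mock_list_readers(&size);
    return size;                       /* 4 of the 8 bytes are still 0xAA */
}

/* Fix described in the thread: zero the variable before the call. */
static uint64_t size_zero_init(void)
{
    uint64_t size = 0;
    mock_list_readers(&size);
    return size;                       /* 42 on little-endian hosts only */
}

/* Alternative: pass a variable of the width the callee writes, then widen. */
static uint64_t size_typed_temp(void)
{
    uint32_t size32 = 0;
    mock_list_readers(&size32);
    return (uint64_t)size32;
}

int main(void)
{
    printf("%#llx %#llx %#llx\n", (unsigned long long)size_with_garbage(),
           (unsigned long long)size_zero_init(), (unsigned long long)size_typed_temp());
    return 0;
}
```

A size like the first value is what reaches the allocator when the stale upper half is not cleared, which matches the oversized allocation described in the original report.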