Infelicity in OpenJDK
Edward Nevill
enevill at arm.com
Fri Jul 3 01:50:14 PDT 2009
There is a potential insecurity in native_entry() in cppInterpreter_zero.cpp.
It does:
    void **arguments;
    {
        ...
        void **dst = arguments;
        ...
        void *mirror = NULL;
        if (method->is_static()) {
            ...
            *(dst++) = &mirror;
            // ECN: Address of mirror stored in argument list here
        }
        ...
    }
    // ECN: Now follows more code which processes the argument list
    // however, 'mirror' is no longer in scope so the address is potentially invalid.
What needs to happen is the definition of 'mirror' needs to be moved up to
the same scope as 'arguments'.
Regards,
Ed.
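The pattern reported above, written out as an added example (this is not Ed's code and not OpenJDK's native_entry(); the method_t struct, mirror_object, build_args_buggy() and native_entry_fixed() are constructed stand-ins). The buggy shape stores the address of a block-scoped variable into an argument list that outlives the block; the fixed shape hoists that variable to the scope of the list, which is exactly the change proposed in the mail.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the interpreter's types: a method descriptor
 * and a "class mirror" object. The names are hypothetical, not HotSpot's. */
typedef struct {
    int is_static;
    int nparams;
} method_t;

static int mirror_object = 0xC1A55;   /* stands in for the class mirror (constructed) */

/* BUGGY shape, as reported: 'mirror' is block-scoped, its address is stored
 * into 'arguments', and the list is consumed after the block has closed.
 * Compiled for comparison only; it is never called, because reading
 * arguments[0] afterwards is a dangling dereference (undefined behaviour). */
int build_args_buggy(const method_t *m, void **arguments)
{
    void **dst = arguments;
    {
        void *mirror = NULL;
        if (m->is_static) {
            mirror = &mirror_object;
            *(dst++) = &mirror;   /* address of a variable that is about to die */
        }
    }                             /* 'mirror' is out of scope from here on */
    return (int)(dst - arguments);
}

/* FIXED shape: 'mirror' is declared in the same scope as 'arguments', so it
 * stays alive for as long as the argument list is used. Returns the number
 * of list entries; *mirror_seen receives the mirror that processing read
 * back through the list (NULL for instance methods) and *arg_sum the sum of
 * the remaining (integer) arguments. */
int native_entry_fixed(const method_t *m, const intptr_t *locals,
                       const void **mirror_seen, intptr_t *arg_sum)
{
    void *arguments[8];
    void **dst = arguments;
    void *mirror = NULL;          /* same lifetime as 'arguments' */

    {
        if (m->is_static) {
            mirror = &mirror_object;
            *(dst++) = &mirror;   /* fine: 'mirror' outlives the list */
        }
        for (int i = 0; i < m->nparams; i++) {
            *(dst++) = (void *)&locals[i];
        }
    }

    /* Argument processing after the inner block, as in native_entry(). */
    int n = (int)(dst - arguments);
    *mirror_seen = NULL;
    *arg_sum = 0;
    for (int i = 0; i < n; i++) {
        if (m->is_static && i == 0) {
            *mirror_seen = *(void **)arguments[0];   /* reads live storage */
        } else {
            *arg_sum += *(const intptr_t *)arguments[i];
        }
    }
    return n;
}

/* Two constructed calls: a static method and an instance method, each with
 * two integer locals {10, 20}. Each returns 1 when the list came out right. */
int check_static_call(void)
{
    const intptr_t locals[2] = {10, 20};
    method_t m = {1, 2};
    const void *seen = NULL;
    intptr_t sum = 0;
    int n = native_entry_fixed(&m, locals, &seen, &sum);
    return n == 3 && seen == &mirror_object && sum == 30;
}

int check_instance_call(void)
{
    const intptr_t locals[2] = {10, 20};
    method_t m = {0, 2};
    const void *seen = &mirror_object;
    intptr_t sum = 0;
    int n = native_entry_fixed(&m, locals, &seen, &sum);
    return n == 2 && seen == NULL && sum == 30;
}

int main(void)
{
    printf("static call ok: %d\ninstance call ok: %d\n",
           check_static_call(), check_instance_call());
    return 0;
}
```

The only difference between the two shapes is where `void *mirror` is declared; the store `*(dst++) = &mirror;` is identical. That is why the defect is easy to miss in review and why a lifetime checker such as AddressSanitizer's use-after-scope detection is the practical way to catch it in a code base of this size.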