Infelicity in OpenJDK
Gary Benson
gbenson at redhat.com
Fri Jul 3 12:32:33 PDT 2009
Hi Ed,
Good catch, I'll get a fix committed on Monday or Tuesday when I'm
back in.
Cheers,
Gary
Edward Nevill wrote:
> There is a potential insecurity in native_entry() in cppInterpreter_zero.cpp
>
> It does
>   void **arguments;
>   {
>     ...
>     void **dst = arguments;
>     ...
>
>     void *mirror = NULL;
>     if (method->is_static()) {
>       ...
>       *(dst++) = &mirror;
>       // ECN: Address of mirror stored in argument list here
>     }
>     ...
>
>   }
>
>   // ECN: Now follows more code which processes the argument list
>   // however, 'mirror' is no longer in scope so the address is
>   // potentially invalid.
>
> What needs to happen is the definition of 'mirror' needs to be moved
> up to the same scope as 'arguments'.
>
> Regards,
> Ed.
--
http://gbenson.net/
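The scope problem Ed describes, reduced to a stand-alone illustration. This is an added example and not code from cppInterpreter_zero.cpp or from either author; `Mirror`, `the_class`, `native_entry_dangling` and `native_entry_fixed` are constructed names that only imitate the shape of the reported code. The first function keeps the bug (the address of a block-scoped `mirror` is stored in `arguments` and read after the block closes), the second applies the fix from the report by declaring `mirror` in the same scope as `arguments`.

```cpp
#include <cstdio>
#include <cstring>

// Constructed stand-in for the JVM class mirror passed as the first argument
// of a static native method. Only the shape matters for this example.
struct Mirror { const char *name; };
static Mirror the_class = { "java/lang/Object" };   // constructed sample value

// VULNERABLE shape, as in the report. 'mirror' lives in an inner block, its
// address escapes into 'arguments', and the argument list is processed after
// the block has closed. The final read is a stack use-after-scope (undefined
// behaviour). Kept only for comparison; nothing here calls it.
[[maybe_unused]]
static const char *native_entry_dangling(bool is_static) {
  void *arguments[1] = { nullptr };
  {
    void **dst = arguments;
    void *mirror = nullptr;
    if (is_static) {
      mirror = &the_class;
      *(dst++) = &mirror;     // address of block-scoped 'mirror' escapes here
    }
  }                           // lifetime of 'mirror' ends; arguments[0] dangles
  // "more code which processes the argument list"
  if (arguments[0] == nullptr) return "<instance>";
  return (*static_cast<Mirror **>(arguments[0]))->name;   // reads a dead slot
}

// FIXED shape: 'mirror' is declared in the same scope as 'arguments', so it
// stays alive for every use of the argument list within this function.
static const char *native_entry_fixed(bool is_static) {
  void *arguments[1] = { nullptr };
  void *mirror = nullptr;     // moved up to the scope of 'arguments'
  {
    void **dst = arguments;
    if (is_static) {
      mirror = &the_class;
      *(dst++) = &mirror;     // still points at a live object after the block
    }
  }
  // Processing the argument list is now well defined.
  if (arguments[0] == nullptr) return "<instance>";
  return (*static_cast<Mirror **>(arguments[0]))->name;
}

// Convenience wrapper so the result can be checked without string handling
// in the caller: 1 if the static path yields the mirror's name, 0 otherwise.
static int fixed_static_path_ok(void) {
  return std::strcmp(native_entry_fixed(true), "java/lang/Object") == 0;
}

int main(void) {
  std::printf("static:   %s\n", native_entry_fixed(true));
  std::printf("instance: %s\n", native_entry_fixed(false));
  return fixed_static_path_ok() ? 0 : 1;
}
```

The dangling variant often appears to work because the dead stack slot is usually not reused before the read, which is why such bugs survive review. Building with AddressSanitizer (`-fsanitize=address`), whose stack-use-after-scope check is enabled by default in current GCC and Clang, reports the first function's read as an error at runtime, which is a cheap regression check to keep around for this class of defect.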