[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
David Holmes david.holmes at oracle.com
Thu Aug 2 02:14:36 UTC 2012
Andrew et al,
AFAICS here:
    encoding_variant = malloc(strlen(temp)+1);
    if (encoding_variant == NULL) {
        JNU_ThrowOutOfMemoryError(env, NULL);
        return 0;
    }
we also need to do free(temp). Similarly later where we return with OOM due to realloc failure, don't we also need to free what was previously malloc'd?
David
On 2/08/2012 7:18 AM, Andrew Hughes wrote:
----- Original Message -----
On 01/08/2012 14:52, Andrew Hughes wrote:
:
In any case, there is a Sun bug open for this:
6844255: Potential stack corruption in GetJavaProperties
Can I take it that I can just get on and push Omair's extended version now then, with that bug ID?
Yes, go ahead, I should have said that in my mail.
Thanks. Done:
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-August/010993.html
with Omair as author and yourself and I as reviewers.
Well, the locale can be set by an environment variable, so it could potentially be anything of any length... The Debian bug posted above has an example, though I couldn't replicate it.
I couldn't replicate it either and was just curious if anyone managed to demonstrate it.
Yeah, I tend to think it's more potentially exploitable rather than something that's actually been hit.
-Alan.
Thanks,
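The cleanup raised in the message above (free `temp` when the `encoding_variant` allocation fails, and free earlier blocks when a later `realloc` fails), shown as an added example that is not part of the original thread or the JDK source. `split_locale`, the `demo_*` allocator wrappers, the `"C"` to `"en_US"` alias and `leaked_when_alloc_fails` are hypothetical names constructed for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Demo-only allocator wrappers (assumed, not JDK code): fail the Nth call on
   request and count live blocks so error paths can be checked for leaks. */
static int live_blocks, alloc_calls, fail_at;    /* fail_at == 0: never fail */
static void *demo_realloc(void *p, size_t n) {
    /* a simulated failure behaves like real realloc: the old block p stays valid */
    void *q = (++alloc_calls == fail_at) ? NULL : realloc(p, n);
    if (q != NULL && p == NULL) live_blocks++;
    return q;
}
static void demo_free(void *p) { if (p != NULL) { live_blocks--; free(p); } }

/* Split "lang_REGION.encoding@variant" into heap strings sized from the input.
   Returns 1 (caller frees both outputs) or 0 on OOM with nothing left allocated. */
static int split_locale(const char *lc, char **base, char **encoding_variant) {
    size_t len = strlen(lc);
    char *p, *grown, *ev, *temp = demo_realloc(NULL, len + 1);
    if (temp == NULL) return 0;
    memcpy(temp, lc, len + 1);
    ev = demo_realloc(NULL, len + 1);
    if (ev == NULL) {
        demo_free(temp);                 /* the free(temp) the review asks for */
        return 0;
    }
    p = strpbrk(temp, ".@");
    if (p != NULL) { strcpy(ev, p); *p = '\0'; } else { ev[0] = '\0'; }
    if (strcmp(temp, "C") == 0) {        /* constructed alias: "C" -> "en_US" */
        grown = demo_realloc(temp, sizeof "en_US");
        if (grown == NULL) {             /* keep the old pointer so it can be freed */
            demo_free(temp);
            demo_free(ev);
            return 0;
        }
        temp = grown;
        strcpy(temp, "en_US");
    }
    *base = temp; *encoding_variant = ev;
    return 1;
}

/* Force the k-th allocation to fail; returns the number of blocks still
   allocated afterwards, or -1 if the call succeeded anyway. */
static int leaked_when_alloc_fails(const char *lc, int k) {
    char *b = NULL, *e = NULL;
    live_blocks = alloc_calls = 0; fail_at = k;
    if (split_locale(lc, &b, &e)) { demo_free(b); demo_free(e); return -1; }
    return live_blocks;
}
```

Assigning the `realloc` result to a separate pointer (`grown`) is what keeps the original block reachable on failure.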