JDK-6317964

Fix a potential buffer overflow problem of 6204620


    • Bug
    • Resolution: Fixed
    • P3
    • 6
    • 6
    • deploy
    • None
    • b52
    • x86
    • windows_xp

      The bug fix for 6204620 introduces a potential problem.

      http://j2se.east/www/webrevs/ccheung/1.6.0/6204620/webrev/

      http://j2se.east/www/webrevs/ccheung/1.6.0/6204620/webrev/src/plugin/win32/jpishare/CJavaJNI.cpp.sdiff.html
      ...
      1370 char* newbuffer = (char *) malloc(lstrlen(g_pszConsoleOutput) + len + 1);
      1371 if (newbuffer) {
      1372 newbuffer[0] = '\0';
      1373 memcpy(newbuffer, g_pszConsoleOutput, lstrlen(g_pszConsoleOutput));
      1374 free(g_pszConsoleOutput);
      1375 g_pszConsoleOutput = newbuffer;
      1376 }
      1377 }
      1378
      1379 lstrcat(g_pszConsoleOutput, buffer);
      ...
      The variable newbuffer is not terminated with '\0', which may cause a buffer overflow at line 1379.
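
The copy pattern reported above and one way to harden it, as an added example that is neither the JDK source nor the actual fix. It assumes portable strlen/memcpy in place of the Win32 lstrlen/lstrcat, and reported_copy_is_terminated and console_append are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Replays lines 1370-1375 with strlen() in place of lstrlen(). The new block is
 * pre-filled with 0xAA (constructed stand-in for uninitialised heap bytes).
 * Returns 1 if the byte where the terminator belongs is '\0', 0 if not. */
int reported_copy_is_terminated(const char *old, size_t len)
{
    size_t old_len = strlen(old);
    size_t size = old_len + len + 1;
    char *newbuffer = malloc(size);
    if (!newbuffer)
        return -1;
    memset(newbuffer, 0xAA, size);
    newbuffer[0] = '\0';              /* line 1372 */
    memcpy(newbuffer, old, old_len);  /* line 1373: overwrites byte 0, copies no '\0' */
    int terminated = (newbuffer[old_len] == '\0');
    free(newbuffer);
    return terminated;
}

/* Hardened append (hypothetical helper): grows *out and copies `buffer`
 * together with its '\0' to a known offset, so nothing scans for a terminator
 * that may be missing. Returns 0 on success, -1 on failure (*out unchanged). */
int console_append(char **out, const char *buffer)
{
    size_t old_len = *out ? strlen(*out) : 0;
    size_t add_len = strlen(buffer);
    if (add_len > SIZE_MAX - old_len - 1)
        return -1;                    /* old_len + add_len + 1 would wrap */
    char *newbuffer = realloc(*out, old_len + add_len + 1);
    if (!newbuffer)
        return -1;
    memcpy(newbuffer + old_len, buffer, add_len + 1);
    *out = newbuffer;
    return 0;
}

int main(void)
{
    char *console = NULL;
    printf("non-empty old text terminated: %d\n", reported_copy_is_terminated("abc", 4));
    printf("empty old text terminated:     %d\n", reported_copy_is_terminated("", 4));
    if (console_append(&console, "line 1\n") == 0 && console_append(&console, "line 2\n") == 0)
        fputs(console, stdout);
    free(console);
    return 0;
}
```

The store at line 1372 is overwritten by the memcpy whenever the old text is non-empty, so the new block ends up terminated only when the old text was empty.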

            jchusunw Jacky Chu (Inactive)