- Bug
- Resolution: Fixed
- P2
- 5.0, 5.0u3, 5.0u12
- b89
- generic, x86
- generic, linux, solaris

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2152459 | 5.0u14 | Abhijit Saha | P2 | Resolved | Fixed | b02 |
JDK-2174453 | 1.4.2_21 | Abhijit Saha | P3 | Resolved | Fixed | b01 |
JDK-2179177 | 1.4.2_20-rev | Abhijit Saha | P2 | Resolved | Fixed | b04 |
JDK-2152460 | 1.4.2_19-rev | Abhijit Saha | P2 | Resolved | Fixed | b09 |
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Any Linux platform
A DESCRIPTION OF THE PROBLEM :
The implementation of the LocateJRE function in java_md.c applies a fixed-size block for a search directory string, which causes an overflow in Linux, where search paths are a few chars longer than in Solaris (line 1545).
This method doesn't seem to be called by any standard tools, but as it's a public function, I think it should be corrected to avoid future problems.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call LocateJRE from C code to find a proper JVM.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
To start Java normally.
ACTUAL -
Segmentation violation.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
char*
LocateJRE(manifest_info* info)
{
    char *path;
    char *home;
    char *target = NULL;
    char *dp;
    char *cp;

    /*
     * Start by getting JAVA_VERSION_PATH
     */
    if (info->jre_restrict_search)
        path = strdup(system_dir);
    else if ((path = getenv("JAVA_VERSION_PATH")) != NULL)
        path = strdup(path);
    else
        if ((home = getenv("HOME")) != NULL) {
            path = (char *)MemAlloc(strlen(home) + 13);
            path = strcat(strcat(strcat(strcpy(path, home),
                user_dir), ":"), system_dir);
        } else
            path = strdup(system_dir);
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use strlen() to generate a big enough buffer.
- backported by
  - JDK-2152459 Memory overflow in java launcher for Linux (Resolved)
  - JDK-2152460 Memory overflow in java launcher for Linux (Resolved)
  - JDK-2179177 Memory overflow in java launcher for Linux (Resolved)
  - JDK-2174453 Memory overflow in java launcher for Linux (Resolved)
- duplicates
  - JDK-6598663 jdk1.5.0_12 : 'java -version:1.5+' failure dependent of length of HOME env var (Closed)