-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 8, 11, 15
-
Component/s: core-libs
-
b23
-
windows
-
Not verified
The getEncodingInternal() function in
src/java.base/windows/native/libjava/java_props_md.c
calls the Windows GetLocaleInfo() function. Upon success, a null-terminated string is written to the buffer 'ret'. If GetLocaleInfo() fails, the default case of the switch(codepage) will write "Cp" to the first two chars of 'ret',
but the rest of the buffer remains uninitialized and un-terminated.
Though we've not reproduced GetLocaleInfo() failing, this code should be updated to avoid a potential unterminated/uninitialized string.
src/java.base/windows/native/libjava/java_props_md.c
calls the Windows GetLocaleInfo() function. Upon success, a null-terminated string is written to the buffer 'ret'. If GetLocaleInfo() fails, the default case of the switch(codepage) will write "Cp" to the first two chars of 'ret',
but the rest of the buffer remains uninitialized and un-terminated.
Though we've not reproduced GetLocaleInfo() failing, this code should be updated to avoid a potential unterminated/uninitialized string.
- duplicates
-
-
- Closed
-