harmony-commits mailing list archives

From "Alexei Fedotov (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-5741) [drlvm][verifier] thread unsafe and buffer overflow vulnerable code in the verifier
Date Wed, 16 Apr 2008 08:48:21 GMT
[drlvm][verifier] thread unsafe and buffer overflow vulnerable code in the verifier
-----------------------------------------------------------------------------------

                 Key: HARMONY-5741
                 URL: https://issues.apache.org/jira/browse/HARMONY-5741
             Project: Harmony
          Issue Type: Bug
            Reporter: Alexei Fedotov


Negative cases are handled in the following way:

static char err_message[5000];

[...]

if (result != VF_OK) {
    *error = &(err_message[0]);
    Method_Handle method = class_get_method(klass, index);
    sprintf(*error, "%s/%s%s, pass: %d, instr: %d, reason: %s", class_get_name(klass), method_get_name(method),
    method_get_descriptor(method), context.pass, context.processed_instruction, context.error_message);
    break;
}

The static buffer is then returned to the caller. Should use a local buffer and replace sprintf
with snprintf.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
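
Added example, not part of the original message or of the Harmony source: one way to build the same error string with snprintf into a buffer the caller owns, so that no static storage is shared between threads and over-long names are truncated instead of overflowing. The names demo_context and format_verify_error and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the verifier context fields named in the report. */
struct demo_context {
    int pass;
    int processed_instruction;
    const char *error_message;
};

/*
 * Writes the error text into a buffer the caller owns (stack or heap), so
 * concurrent verifications never share storage. Returns 0 when the whole
 * message fit, 1 when it was truncated, -1 on bad arguments or format error.
 * The output is NUL-terminated whenever the return value is 0 or 1.
 */
int format_verify_error(char *out, size_t out_size,
                        const char *class_name, const char *method_name,
                        const char *descriptor, const struct demo_context *ctx)
{
    if (out == NULL || out_size == 0 || ctx == NULL)
        return -1;

    /* snprintf writes at most out_size bytes, terminator included, and
       returns the length the full message would have needed. */
    int need = snprintf(out, out_size, "%s/%s%s, pass: %d, instr: %d, reason: %s",
                        class_name, method_name, descriptor, ctx->pass,
                        ctx->processed_instruction, ctx->error_message);
    if (need < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)need >= out_size ? 1 : 0;
}

int main(void)
{
    /* Constructed sample input: a class name longer than the 5000-byte buffer. */
    static char long_name[6001];
    memset(long_name, 'A', sizeof long_name - 1);
    struct demo_context ctx = { 2, 17, "constructed sample reason" };
    char msg[5000]; /* per-call buffer, not static */

    int rc = format_verify_error(msg, sizeof msg, long_name, "run", "()V", &ctx);
    printf("rc=%d, stored %zu bytes\n", rc, strlen(msg));
    return 0;
}
```

The caller must copy or consume the message before its buffer goes out of scope; the truncation return value lets it decide whether to retry with a larger buffer.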

