harmony-commits mailing list archives

From "Tim Ellison (JIRA)" <j...@apache.org>
Subject [jira] Closed: (HARMONY-5741) [drlvm][verifier] thread unsafe and buffer overflow vulnerable code in the verifier
Date Fri, 26 Jun 2009 13:41:07 GMT

     [ https://issues.apache.org/jira/browse/HARMONY-5741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Ellison closed HARMONY-5741.
--------------------------------


> [drlvm][verifier] thread unsafe and buffer overflow vulnerable code in the verifier
> -----------------------------------------------------------------------------------
>
>                 Key: HARMONY-5741
>                 URL: https://issues.apache.org/jira/browse/HARMONY-5741
>             Project: Harmony
>          Issue Type: Bug
>          Components: DRLVM
>            Reporter: Alexei Fedotov
>            Assignee: Pavel Pervov
>
> Negative cases are handled in the following way:
> static char err_message[5000];
> [...]
> if (result != VF_OK) {
>     *error = &(err_message[0]);
>     Method_Handle method = class_get_method(klass, index);
>     sprintf(*error, "%s/%s%s, pass: %d, instr: %d, reason: %s", class_get_name(klass), method_get_name(method),
>     method_get_descriptor(method), context.pass, context.processed_instruction, context.error_message);
>     break;
> }
> The static buffer then is returned to the caller. Should use a local buffer and replace sprintf with snprintf.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
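
The bounded, per-call formatting the report asks for, as an added example that is not Harmony code and not part of the original message. The helper name format_verify_error, the status enum and the 64-byte demo buffer are assumptions; the buffer is supplied by the caller so that no storage is shared between threads and the message stays valid after the function returns.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Harmony code: formats the verifier error into a
 * buffer owned by the caller, so concurrent verifications share no storage. */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

static enum fmt_status format_verify_error(char *buf, size_t cap,
        const char *class_name, const char *method_name,
        const char *descriptor, int pass, int instr, const char *reason)
{
    if (buf == NULL || cap == 0)
        return FMT_ERROR;
    /* snprintf writes at most cap bytes, including the terminating NUL, and
     * returns the length the complete message would have had. */
    int n = snprintf(buf, cap, "%s/%s%s, pass: %d, instr: %d, reason: %s",
                     class_name, method_name, descriptor, pass, instr, reason);
    if (n < 0) {
        buf[0] = '\0';
        return FMT_ERROR;
    }
    /* A return value >= cap means the message was cut; report it instead of
     * silently handing back a partial string. */
    return (size_t)n >= cap ? FMT_TRUNCATED : FMT_OK;
}

/* Constructed input: a class name longer than the whole output buffer. */
static enum fmt_status demo_long_name(char *out, size_t cap)
{
    char long_name[300];
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    return format_verify_error(out, cap, long_name, "run", "()V", 2, 17,
                               "stack overflow");
}

int main(void)
{
    char msg[64];   /* per-call storage, deliberately small for the demo */
    enum fmt_status st = format_verify_error(msg, sizeof msg, "pkg/Foo",
                                             "bar", "(I)V", 1, 5, "bad type");
    printf("%d: %s\n", st, msg);
    st = demo_long_name(msg, sizeof msg);
    printf("%d: %s (len %zu)\n", st, msg, strlen(msg));
    return 0;
}
```
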

