Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 e78d0659 编写于 作者: K kizune
浏览文件
操作

8037398: integer overflow in jdk/src/share/bin/java.c 

Reviewed-by: ksrini
上级 1dfd1a11
隐藏空白更改
内联 并排
Showing with 8 addition and 3 deletion
src/share/bin/java.c
浏览文件 @ e78d0659
...@@ -732,6 +732,9 @@ SetClassPath(const char *s) ...@@ -732,6 +732,9 @@ SetClassPath(const char *s)
if (s == NULL) if (s == NULL)
return; return;
s = JLI_WildcardExpandClasspath(s); s = JLI_WildcardExpandClasspath(s);
if (sizeof(format) - 2 + JLI_StrLen(s) < JLI_StrLen(s))
// s is corrupted after wildcard expansion
return;
def = JLI_MemAlloc(sizeof(format) def = JLI_MemAlloc(sizeof(format)
- 2 /* strlen("%s") */ - 2 /* strlen("%s") */
+ JLI_StrLen(s)); + JLI_StrLen(s));
...@@ -1351,9 +1354,11 @@ AddApplicationOptions(int cpathc, const char **cpathv) ...@@ -1351,9 +1354,11 @@ AddApplicationOptions(int cpathc, const char **cpathv)
if (s) { if (s) {
s = (char *) JLI_WildcardExpandClasspath(s); s = (char *) JLI_WildcardExpandClasspath(s);
/* 40 for -Denv.class.path= */ /* 40 for -Denv.class.path= */
envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40); if (JLI_StrLen(s) + 40 > JLI_StrLen(s)) { // Safeguard from overflow
sprintf(envcp, "-Denv.class.path=%s", s); envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
AddOption(envcp, NULL); sprintf(envcp, "-Denv.class.path=%s", s);
AddOption(envcp, NULL);
}
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册