8037398: integer overflow in jdk/src/share/bin/java.c

Reviewed-by: ksrini

8037398: integer overflow in jdk/src/share/bin/java.c
Reviewed-by: ksrini
e78d0659 · kizune · 1dfd1a11 · e78d0659
显示空白变更内容
内联并排

Showing with 8 addition and 3 deletion

src/share/bin/java.c src/share/bin/java.c +8 -3

未找到文件。
--- a/src/share/bin/java.c
+++ b/src/share/bin/java.c
@@ -732,6 +732,9 @@ SetClassPath(const char *s)
    if (s == NULL)
        return;
    s = JLI_WildcardExpandClasspath(s);
+    if (sizeof(format) - 2 + JLI_StrLen(s) < JLI_StrLen(s))
+        // s is corrupted after wildcard expansion
+        return;
    def = JLI_MemAlloc(sizeof(format)
                       - 2 /* strlen("%s") */
                       + JLI_StrLen(s));
@@ -1351,11 +1354,13 @@ AddApplicationOptions(int cpathc, const char **cpathv)
        if (s) {
            s = (char *) JLI_WildcardExpandClasspath(s);
            /* 40 for -Denv.class.path= */
+            if (JLI_StrLen(s) + 40 > JLI_StrLen(s)) { // Safeguard from overflow
                envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
                sprintf(envcp, "-Denv.class.path=%s", s);
                AddOption(envcp, NULL);
            }
        }
+    }
    if (!GetApplicationHome(home, sizeof(home))) {
        JLI_ReportErrorMessage(CFG_ERROR5);