Posted to commits@harmony.apache.org by "Tim Ellison (JIRA)" <ji...@apache.org> on 2009/06/26 15:41:07 UTC
[jira] Closed: (HARMONY-5741) [drlvm][verifier] thread unsafe and
buffer overflow vulnerable code in the verifier
[ https://issues.apache.org/jira/browse/HARMONY-5741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Ellison closed HARMONY-5741.
--------------------------------
> [drlvm][verifier] thread unsafe and buffer overflow vulnerable code in the verifier
> -----------------------------------------------------------------------------------
>
> Key: HARMONY-5741
> URL: https://issues.apache.org/jira/browse/HARMONY-5741
> Project: Harmony
> Issue Type: Bug
> Components: DRLVM
> Reporter: Alexei Fedotov
> Assignee: Pavel Pervov
>
> Negative cases are handled in the following way:
>
>     static char err_message[5000];
>     [...]
>     if (result != VF_OK) {
>         *error = &(err_message[0]);
>         Method_Handle method = class_get_method(klass, index);
>         sprintf(*error, "%s/%s%s, pass: %d, instr: %d, reason: %s",
>                 class_get_name(klass), method_get_name(method),
>                 method_get_descriptor(method), context.pass,
>                 context.processed_instruction, context.error_message);
>         break;
>     }
>
> The static buffer then is returned to the caller. Should use a local buffer and replace sprintf with snprintf.
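An added example, not Harmony's code and not the change that closed this issue: the same error text formatted with snprintf into storage owned by the caller, so no static array is shared between threads and the write is bounded, with truncation reported to the caller. The helper name vf_format_error, its parameters and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a DRLVM function. Formats the verifier error
 * text from the report into a buffer owned by the caller, so concurrent
 * verifications never share storage and the write is bounded by `cap`.
 * Returns 0 on success, 1 if the text was truncated, -1 on bad input
 * or an encoding error. The buffer is NUL-terminated whenever cap > 0. */
int vf_format_error(char *buf, size_t cap,
                    const char *class_name, const char *method_name,
                    const char *descriptor, int pass, int instr,
                    const char *reason)
{
    if (buf == NULL || cap == 0)
        return -1;

    int n = snprintf(buf, cap, "%s/%s%s, pass: %d, instr: %d, reason: %s",
                     class_name, method_name, descriptor,
                     pass, instr, reason);
    if (n < 0) {            /* encoding error: leave an empty string */
        buf[0] = '\0';
        return -1;
    }
    /* snprintf returns the length the full text would have had;
     * n >= cap means the output was cut to cap - 1 characters. */
    return ((size_t)n >= cap) ? 1 : 0;
}

int main(void)
{
    char msg[128];          /* per-call (per-thread) storage */
    /* Constructed sample values, not taken from a real class file. */
    int rc = vf_format_error(msg, sizeof msg, "com/example/Foo", "bar",
                             "(I)V", 2, 17, "Incompatible argument");
    printf("rc=%d msg=%s\n", rc, msg);

    char tiny[16];          /* too small on purpose: shows truncation */
    rc = vf_format_error(tiny, sizeof tiny, "com/example/Foo", "bar",
                         "(I)V", 2, 17, "Incompatible argument");
    printf("rc=%d msg=%s\n", rc, tiny);
    return 0;
}
```

Class and method names come from the class file being verified, so the truncation result matters: a caller can log the cut-off message or retry with a larger buffer instead of writing past the end.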