Bug ID: JDK-6431847 Memory overflow in java launcher for Linux

Details
Type: Bug
Submit Date: 2006-05-30
Status: Resolved
Updated Date: 2012-10-09
Project Name: JDK
Resolved Date: 2006-06-21
Component: tools
OS: solaris,linux,generic
Sub-Component: launcher
CPU: x86,generic
Priority: P2
Resolution: Fixed
Affected Versions: 5.0,5.0u3,5.0u12
Fixed Versions:

Description
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Any linux platform

A DESCRIPTION OF THE PROBLEM :
The implementation of the LocateJRE function in java_md.c applies a fixed-size block for a search directory string, which causes an overflow in Linux, where search paths are a few chars longer than in Solaris (line 1545).

This method doesn't seem to be called by any standard tools, but as it's a public function, I think it should be corrected to avoid future problems.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call LocateJRE from C code to find a proper JVM.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
  To start Java normally.
ACTUAL -
Segmentation violation.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
char*
LocateJRE(manifest_info* info)
{
    char	*path;
    char	*home;
    char	*target = NULL;
    char	*dp;
    char	*cp;

    /*
     * Start by getting JAVA_VERSION_PATH
     */
    if (info->jre_restrict_search)
	path = strdup(system_dir);
    else if ((path = getenv("JAVA_VERSION_PATH")) != NULL)
	path = strdup(path);
    else
	if ((home = getenv("HOME")) != NULL) {
	    path = (char *)MemAlloc(strlen(home) + 13);
	    path = strcat(strcat(strcat(strcpy(path, home),
	        user_dir), ":"), system_dir);
	} else
	    path = strdup(system_dir);

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Use strlen() to generate a big enough buffer.

                                    

Comments
EVALUATION

The constant "13" should be replaced by:
	strlen(user_dir) + strlen(system_dir) + 2
Where the "2" is for the constant ':' and a terminating null.
                                     
2006-06-01
WORK AROUND

Add -jre-restrict-search to your command line.

or

set env var JAVA_VERSION_PATH directly,
    export JAVA_VERSION_PATH=$HOME/jdk:/usr/jdk
                                     
2007-09-11
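
Added example (not code from the bug report or the JDK sources): the sizing rule from the evaluation, strlen(user_dir) + strlen(system_dir) + 2 on top of strlen(home), set beside the fixed 13 it replaces. The home path and directory names passed in main are constructed sample values, and search_path_size, legacy_shortfall and build_search_path are hypothetical helper names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LEGACY_EXTRA 13  /* the fixed constant from the excerpt on this page */

/* Bytes needed for home + user_dir + ":" + system_dir + terminating NUL. */
size_t search_path_size(const char *home, const char *user_dir,
                        const char *system_dir)
{
    return strlen(home) + strlen(user_dir) + strlen(system_dir) + 2;
}

/* Bytes by which strlen(home) + 13 falls short of the need (0 if it fits). */
size_t legacy_shortfall(const char *home, const char *user_dir,
                        const char *system_dir)
{
    size_t need = search_path_size(home, user_dir, system_dir);
    size_t have = strlen(home) + LEGACY_EXTRA;
    return need > have ? need - have : 0;
}

/* Build the path in a buffer sized from its inputs; caller frees the result. */
char *build_search_path(const char *home, const char *user_dir,
                        const char *system_dir)
{
    size_t size = search_path_size(home, user_dir, system_dir);
    char *path = malloc(size);
    if (path == NULL)
        return NULL;
    /* snprintf never writes past size; a truncated result is rejected. */
    int n = snprintf(path, size, "%s%s:%s", home, user_dir, system_dir);
    if (n < 0 || (size_t)n >= size) {
        free(path);
        return NULL;
    }
    return path;
}

int main(void)
{
    /* Constructed inputs: directory names are assumptions, not JDK values. */
    const char *home = "/home/dev";
    char *p = build_search_path(home, "/java", "/usr/java");
    printf("fixed 13 is short by %zu bytes; path=%s\n",
           legacy_shortfall(home, "/java", "/usr/java"), p ? p : "(null)");
    free(p);
    return 0;
}
```

The shortfall depends only on the two directory strings, not on the length of HOME, which is why a constant sized for one platform's directory names does not carry over to another's.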


