FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Any linux platform
A DESCRIPTION OF THE PROBLEM :
The implementation of the LocateJRE function in java_md.c allocates a fixed-size buffer for the search directory string, which causes an overflow on Linux, where the search paths are a few characters longer than on Solaris (line 1545).
This method doesn't seem to be called by any standard tools, but as it's a public function, I think it should be corrected to avoid future problems.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call LocateJRE from C code to find a proper JVM.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
To start Java normally.
ACTUAL -
Segmentation violation.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
/*
 * Fragment of LocateJRE() from java_md.c as quoted in the report.
 * system_dir, user_dir, MemAlloc() and manifest_info are defined
 * elsewhere in the launcher sources.
 */
char*
LocateJRE(manifest_info* info)
{
    char *path;
    char *home;
    char *target = NULL;
    char *dp;
    char *cp;

    /*
     * Start by getting JAVA_VERSION_PATH
     */
    if (info->jre_restrict_search)
        path = strdup(system_dir);
    else if ((path = getenv("JAVA_VERSION_PATH")) != NULL)
        path = strdup(path);
    else
        if ((home = getenv("HOME")) != NULL) {
            /*
             * BUG (line 1545): the buffer is sized as strlen(home) plus a
             * fixed 13 bytes, a budget that only fits the Solaris user_dir
             * and system_dir strings. On Linux those strings are longer,
             * so the strcat chain below writes past the end of the buffer.
             */
            path = (char *)MemAlloc(strlen(home) + 13);
            path = strcat(strcat(strcat(strcpy(path, home),
                                        user_dir), ":"), system_dir);
        } else
            path = strdup(system_dir);
    /* ... remainder of LocateJRE not included in the report ... */
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use strlen() to generate a big enough buffer.
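As an added illustration (not code from the report or from the JDK), the following C computes the size the home + user_dir + ":" + system_dir concatenation actually needs, checks it against the report's fixed strlen(home) + 13 budget, and builds the string the way the submitted workaround suggests. The directory strings are constructed stand-ins, not the real java_md.c values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the launcher's search directories (not the
 * real java_md.c values); they are simply a few characters longer than
 * what a strlen(home) + 13 budget can hold, as the report describes. */
static const char *user_dir_linux   = "/java";
static const char *system_dir_linux = "/usr/java";

/* Bytes needed for home + user_dir + ":" + system_dir + terminating NUL. */
size_t needed_len(const char *home, const char *user_dir, const char *system_dir)
{
    return strlen(home) + strlen(user_dir) + 1 + strlen(system_dir) + 1;
}

/* The report's fixed budget is strlen(home) + 13 bytes. Returns 1 when the
 * concatenation would write past a buffer of that size, 0 otherwise. */
int fixed_budget_overflows(const char *home, const char *user_dir, const char *system_dir)
{
    return needed_len(home, user_dir, system_dir) > strlen(home) + 13;
}

/* The submitted workaround: derive the buffer size from strlen() of every
 * part instead of a constant. snprintf() is bounded by n, so even a wrong
 * size would truncate rather than overrun. Caller frees the result. */
char *build_search_path(const char *home, const char *user_dir, const char *system_dir)
{
    size_t n = needed_len(home, user_dir, system_dir);
    char *path = malloc(n);
    if (path == NULL)
        return NULL;
    snprintf(path, n, "%s%s:%s", home, user_dir, system_dir);
    return path;
}

int main(void)
{
    const char *home = "/home/alice";   /* constructed sample $HOME */
    char *path = build_search_path(home, user_dir_linux, system_dir_linux);
    printf("needed %zu bytes, fixed budget %zu, overflow=%d, path=%s\n",
           needed_len(home, user_dir_linux, system_dir_linux), strlen(home) + 13,
           fixed_budget_overflows(home, user_dir_linux, system_dir_linux), path);
    free(path);
    return 0;
}
```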