JDK-8165936 : Potential Heap buffer overflow when seaching timezone info files
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util:i18n
  • Affected Version: 6,7,8,9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux,solaris
  • Submitted: 2016-09-13
  • Updated: 2020-07-24
  • Resolved: 2016-09-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9 Other
8u261Fixed 9 b137Fixed openjdk8u272Fixed
Related Reports
Relates :  
Relates :  
When looking for platform-specific timezone info files, readdir_r() is used to list the content of the directory containing the zoneinfo file. The output buffer allocated is too short, which may result in readdir_r() to write beyond the end of the output buffer.
Fix Request (8u) Improves 8u reliability and keeps codebases in sync (I see 8u261). Patch does not apply cleanly to 8u. 8u RFR (reviewed by Thomas): https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-March/011485.html