--- a/jdk/src/java.base/unix/native/libjli/java_md_solinux.c Mon Mar 02 12:56:22 2015 -0800
+++ b/jdk/src/java.base/unix/native/libjli/java_md_solinux.c Mon Mar 02 08:19:11 2015 -0800
@@ -340,6 +340,7 @@
char* newpath = NULL; /* path on new LD_LIBRARY_PATH */
char* lastslash = NULL;
char** newenvp = NULL; /* current environment */
+ size_t new_runpath_size;
#ifdef __solaris__
char* dmpath = NULL; /* data model specific LD_LIBRARY_PATH,
Solaris only */
@@ -516,13 +517,14 @@
/* runpath contains current effective LD_LIBRARY_PATH setting */
jvmpath = JLI_StringDup(jvmpath);
- new_runpath = JLI_MemAlloc(((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
+ new_runpath_size = ((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
2 * JLI_StrLen(jrepath) + 2 * JLI_StrLen(arch) +
#ifdef AIX
/* On AIX we additionally need 'jli' in the path because ld doesn't support $ORIGIN. */
JLI_StrLen(jrepath) + JLI_StrLen(arch) + JLI_StrLen("/lib//jli:") +
#endif
- JLI_StrLen(jvmpath) + 52);
+ JLI_StrLen(jvmpath) + 52;
+ new_runpath = JLI_MemAlloc(new_runpath_size);
newpath = new_runpath + JLI_StrLen(LD_LIBRARY_PATH "=");
@@ -577,6 +579,11 @@
* loop of execv() because we test for the prefix, above.
*/
if (runpath != 0) {
+ /* ensure storage for runpath + colon + NULL */
+ if ((JLI_StrLen(runpath) + 1 + 1) > new_runpath_size) {
+ JLI_ReportErrorMessageSys(JRE_ERROR11);
+ exit(1);
+ }
JLI_StrCat(new_runpath, ":");
JLI_StrCat(new_runpath, runpath);
}
@@ -667,7 +674,11 @@
JLI_TraceLauncher("JRE path is %s\n", path);
return JNI_TRUE;
}
-
+ /* ensure storage for path + /jre + NULL */
+ if ((JLI_StrLen(path) + 4 + 1) > (size_t) pathsize) {
+ JLI_TraceLauncher("Insufficient space to store JRE path\n");
+ return JNI_FALSE;
+ }
/* Does the app ship a private JRE in <apphome>/jre directory? */
JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/%s/" JAVA_DLL, path, arch);
if (access(libjava, F_OK) == 0) {