diff -r 1201792aa3a3 -r 3944eaf3322c jdk/src/java.base/unix/native/libjli/java_md_solinux.c --- a/jdk/src/java.base/unix/native/libjli/java_md_solinux.c Mon Mar 02 12:56:22 2015 -0800 +++ b/jdk/src/java.base/unix/native/libjli/java_md_solinux.c Mon Mar 02 08:19:11 2015 -0800 @@ -340,6 +340,7 @@ char* newpath = NULL; /* path on new LD_LIBRARY_PATH */ char* lastslash = NULL; char** newenvp = NULL; /* current environment */ + size_t new_runpath_size; #ifdef __solaris__ char* dmpath = NULL; /* data model specific LD_LIBRARY_PATH, Solaris only */ @@ -516,13 +517,14 @@ /* runpath contains current effective LD_LIBRARY_PATH setting */ jvmpath = JLI_StringDup(jvmpath); - new_runpath = JLI_MemAlloc(((runpath != NULL) ? JLI_StrLen(runpath) : 0) + + new_runpath_size = ((runpath != NULL) ? JLI_StrLen(runpath) : 0) + 2 * JLI_StrLen(jrepath) + 2 * JLI_StrLen(arch) + #ifdef AIX /* On AIX we additionally need 'jli' in the path because ld doesn't support $ORIGIN. */ JLI_StrLen(jrepath) + JLI_StrLen(arch) + JLI_StrLen("/lib//jli:") + #endif - JLI_StrLen(jvmpath) + 52); + JLI_StrLen(jvmpath) + 52; + new_runpath = JLI_MemAlloc(new_runpath_size); newpath = new_runpath + JLI_StrLen(LD_LIBRARY_PATH "="); @@ -577,6 +579,11 @@ * loop of execv() because we test for the prefix, above. */ if (runpath != 0) { + /* ensure storage for runpath + colon + NULL */ + if ((JLI_StrLen(runpath) + 1 + 1) > new_runpath_size) { + JLI_ReportErrorMessageSys(JRE_ERROR11); + exit(1); + } JLI_StrCat(new_runpath, ":"); JLI_StrCat(new_runpath, runpath); } @@ -667,7 +674,11 @@ JLI_TraceLauncher("JRE path is %s\n", path); return JNI_TRUE; } - + /* ensure storage for path + /jre + NULL */ + if ((JLI_StrLen(path) + 4 + 1) > (size_t) pathsize) { + JLI_TraceLauncher("Insufficient space to store JRE path\n"); + return JNI_FALSE; + } /* Does the app ship a private JRE in /jre directory? */ JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/%s/" JAVA_DLL, path, arch); if (access(libjava, F_OK) == 0) {