# HG changeset patch
# User kizune
# Date 1400613421 -14400
# Node ID 25a78d39aaa946145269f182ca114c104ba05ca5
# Parent fe24408289d7be847f301b952fa0decbfb57c463
8037398: integer overflow in jdk/src/share/bin/java.c
Reviewed-by: ksrini
diff -r fe24408289d7 -r 25a78d39aaa9 jdk/src/share/bin/java.c
--- a/jdk/src/share/bin/java.c Tue May 20 06:11:05 2014 -0700
+++ b/jdk/src/share/bin/java.c Tue May 20 23:17:01 2014 +0400
@@ -739,6 +739,9 @@
 if (s == NULL)
 return;
 s = JLI_WildcardExpandClasspath(s);
+ if (sizeof(format) - 2 + JLI_StrLen(s) < JLI_StrLen(s))
+ // s is became corrupted after expanding wildcards
+ return;
 def = JLI_MemAlloc(sizeof(format)
 - 2 /* strlen("%s") */
 + JLI_StrLen(s));
@@ -1358,9 +1361,11 @@
 if (s) {
 s = (char *) JLI_WildcardExpandClasspath(s);
 /* 40 for -Denv.class.path= */
- envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
- sprintf(envcp, "-Denv.class.path=%s", s);
- AddOption(envcp, NULL);
+ if (JLI_StrLen(s) + 40 > JLI_StrLen(s)) { // Safeguard from overflow
+ envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
+ sprintf(envcp, "-Denv.class.path=%s", s);
+ AddOption(envcp, NULL);
+ }
 }
 }
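Review bot: The new guard in the first hunk returns silently when the size computation would wrap, so the launcher carries on without the class-path option and without any diagnostic; the guard in the second hunk skips `-Denv.class.path` in the same silent way. Both should report the condition through whatever error-reporting routine the launcher already uses before bailing out, and the comment would be clearer as `/* length of the expanded class path would overflow the allocation size */`. `JLI_StrLen(s)` is evaluated three times between the check and the `JLI_MemAlloc` call in each hunk; taking it once, e.g. `size_t len = JLI_StrLen(s);`, keeps the check and the allocation tied to the same value. The enclosing function starts and ends outside the hunk, so whether the expanded string has to be released on this early return cannot be confirmed from here.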
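Review bot: The constant `40` in the second hunk now appears in the comment, the guard and the allocation, and it is only loosely tied to the 17-character `-Denv.class.path=` prefix that `sprintf` writes. Deriving the size from the format string, as the first hunk already does with `sizeof(format) - 2`, would remove the magic number: `static const char format[] = "-Denv.class.path=%s";` and `envcp = JLI_MemAlloc(sizeof(format) - 2 + len);`. The write itself is still an unbounded `sprintf`; a bounded formatter given the allocated size would keep the copy tied to the allocation even if the two expressions drift apart later. The enclosing block starts outside the hunk.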