6844255: Potential stack corruption in GetJavaProperties
authoromajid
Wed, 01 Aug 2012 22:13:12 +0100
changeset 13405 69267890f7d9
parent 13404 8e63aa2e956c
child 13407 255287ecff85
6844255: Potential stack corruption in GetJavaProperties Summary: Use dynamically allocated buffers for temp and encoding. Reviewed-by: alanb, andrew
jdk/src/solaris/native/java/lang/java_props_md.c
--- a/jdk/src/solaris/native/java/lang/java_props_md.c	Fri Jul 27 16:17:11 2012 -0400
+++ b/jdk/src/solaris/native/java/lang/java_props_md.c	Wed Aug 01 22:13:12 2012 +0100
@@ -135,12 +135,12 @@
 #define P_tmpdir "/var/tmp"
 #endif
 
-static int ParseLocale(int cat, char ** std_language, char ** std_script,
+static int ParseLocale(JNIEnv* env, int cat, char ** std_language, char ** std_script,
                        char ** std_country, char ** std_variant, char ** std_encoding) {
-    char temp[64];
+    char *temp = NULL;
     char *language = NULL, *country = NULL, *variant = NULL,
          *encoding = NULL;
-    char *p, encoding_variant[64];
+    char *p, *encoding_variant;
     char *lc;
 
     /* Query the locale set for the category */
@@ -156,6 +156,12 @@
         return 0;
     }
 
+    temp = malloc(strlen(lc) + 1);
+    if (temp == NULL) {
+        JNU_ThrowOutOfMemoryError(env, NULL);
+        return 0;
+    }
+
     if (cat == LC_CTYPE) {
         /*
          * Workaround for Solaris bug 4201684: Xlib doesn't like @euro
@@ -178,6 +184,13 @@
     if (lc == NULL || !strcmp(lc, "C") || !strcmp(lc, "POSIX")) {
         lc = "en_US";
     }
+
+    temp = malloc(strlen(lc) + 1);
+    if (temp == NULL) {
+        JNU_ThrowOutOfMemoryError(env, NULL);
+        return 0;
+    }
+
 #endif
 
     /*
@@ -203,6 +216,13 @@
      * to a default country if that's possible.  It's also used to map
      * the Solaris locale aliases to their proper Java locale IDs.
      */
+
+    encoding_variant = malloc(strlen(temp)+1);
+    if (encoding_variant == NULL) {
+        JNU_ThrowOutOfMemoryError(env, NULL);
+        return 0;
+    }
+
     if ((p = strchr(temp, '.')) != NULL) {
         strcpy(encoding_variant, p); /* Copy the leading '.' */
         *p = '\0';
@@ -214,7 +234,17 @@
     }
 
     if (mapLookup(locale_aliases, temp, &p)) {
+        temp = realloc(temp, strlen(p)+1);
+        if (temp == NULL) {
+            JNU_ThrowOutOfMemoryError(env, NULL);
+            return 0;
+        }
         strcpy(temp, p);
+        encoding_variant = realloc(encoding_variant, strlen(temp)+1);
+        if (encoding_variant == NULL) {
+            JNU_ThrowOutOfMemoryError(env, NULL);
+            return 0;
+        }
         // check the "encoding_variant" again, if any.
         if ((p = strchr(temp, '.')) != NULL) {
             strcpy(encoding_variant, p); /* Copy the leading '.' */
@@ -326,6 +356,9 @@
 #endif
     }
 
+    free(temp);
+    free(encoding_variant);
+
     return 1;
 }
 
@@ -480,13 +513,13 @@
      * and store these in the user.language, user.country, user.variant and
      * file.encoding system properties. */
     setlocale(LC_ALL, "");
-    if (ParseLocale(LC_CTYPE,
+    if (ParseLocale(env, LC_CTYPE,
                     &(sprops.format_language),
                     &(sprops.format_script),
                     &(sprops.format_country),
                     &(sprops.format_variant),
                     &(sprops.encoding))) {
-        ParseLocale(LC_MESSAGES,
+        ParseLocale(env, LC_MESSAGES,
                     &(sprops.language),
                     &(sprops.script),
                     &(sprops.country),