8037398: integer overflow in jdk/src/share/bin/java.c
authorkizune
Tue, 20 May 2014 23:17:01 +0400
changeset 24504 25a78d39aaa9
parent 24503 fe24408289d7
child 24505 d2c5179475ea
8037398: integer overflow in jdk/src/share/bin/java.c Reviewed-by: ksrini
jdk/src/share/bin/java.c
--- a/jdk/src/share/bin/java.c	Tue May 20 06:11:05 2014 -0700
+++ b/jdk/src/share/bin/java.c	Tue May 20 23:17:01 2014 +0400
@@ -739,6 +739,9 @@
     if (s == NULL)
         return;
     s = JLI_WildcardExpandClasspath(s);
+    if (sizeof(format) - 2 + JLI_StrLen(s) < JLI_StrLen(s))
+        // s is became corrupted after expanding wildcards
+        return;
     def = JLI_MemAlloc(sizeof(format)
                        - 2 /* strlen("%s") */
                        + JLI_StrLen(s));
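Review bot: When the added size check trips, the function simply returns, so whatever the rest of it builds from `def` is skipped without any diagnostic; a wrapped allocation size should be reported and treated as fatal rather than silently ignored. The comment `// s is became corrupted after expanding wildcards` misdescribes the condition, which detects wrap-around of the allocation size rather than corruption of `s`; `/* allocation size would wrap around */` would match both the check and the `/* */` style used on the neighbouring lines. Assuming JLI_StrLen returns `size_t`, taking the length once (`size_t slen = JLI_StrLen(s);`) and testing `slen > SIZE_MAX - (sizeof(format) - 2)` states the intent directly and avoids walking the string three times. The same silent skip and repeated length calls apply to the guard in the second hunk (`JLI_StrLen(s) + 40 > JLI_StrLen(s)`), where the unbounded `sprintf` still depends on the hand-counted 40. The enclosing function starts and ends outside this hunk.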
@@ -1358,9 +1361,11 @@
         if (s) {
             s = (char *) JLI_WildcardExpandClasspath(s);
             /* 40 for -Denv.class.path= */
-            envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
-            sprintf(envcp, "-Denv.class.path=%s", s);
-            AddOption(envcp, NULL);
+            if (JLI_StrLen(s) + 40 > JLI_StrLen(s)) { // Safeguard from overflow
+                envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40);
+                sprintf(envcp, "-Denv.class.path=%s", s);
+                AddOption(envcp, NULL);
+            }
         }
     }