--- a/jdk/src/java.base/macosx/native/libjli/java_md_macosx.c	Mon Mar 02 12:56:22 2015 -0800
+++ b/jdk/src/java.base/macosx/native/libjli/java_md_macosx.c	Mon Mar 02 08:19:11 2015 -0800
@@ -611,7 +611,11 @@
         if (access(libjava, F_OK) == 0) {
             return JNI_TRUE;
         }
-
+        /* ensure storage for path + /jre + NULL */
+        if ((JLI_StrLen(path) + 4 + 1) > (size_t) pathsize) {
+            JLI_TraceLauncher("Insufficient space to store JRE path\n");
+            return JNI_FALSE;
+        }
         /* Does the app ship a private JRE in <apphome>/jre directory? */
         JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/" JAVA_DLL, path);
         if (access(libjava, F_OK) == 0) {

--- a/jdk/src/java.base/unix/native/libjli/java_md_solinux.c	Mon Mar 02 12:56:22 2015 -0800
+++ b/jdk/src/java.base/unix/native/libjli/java_md_solinux.c	Mon Mar 02 08:19:11 2015 -0800
@@ -340,6 +340,7 @@
       char* newpath     = NULL; /* path on new LD_LIBRARY_PATH */
       char* lastslash   = NULL;
       char** newenvp    = NULL; /* current environment */
+      size_t new_runpath_size;
 #ifdef __solaris__
       char*  dmpath     = NULL;  /* data model specific LD_LIBRARY_PATH,
                                     Solaris only */
@@ -516,13 +517,14 @@
             /* runpath contains current effective LD_LIBRARY_PATH setting */
 
             jvmpath = JLI_StringDup(jvmpath);
-            new_runpath = JLI_MemAlloc(((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
+            new_runpath_size = ((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
                     2 * JLI_StrLen(jrepath) + 2 * JLI_StrLen(arch) +
 #ifdef AIX
                     /* On AIX we additionally need 'jli' in the path because ld doesn't support $ORIGIN. */
                     JLI_StrLen(jrepath) + JLI_StrLen(arch) + JLI_StrLen("/lib//jli:") +
 #endif
-                    JLI_StrLen(jvmpath) + 52);
+                    JLI_StrLen(jvmpath) + 52;
+            new_runpath = JLI_MemAlloc(new_runpath_size);
             newpath = new_runpath + JLI_StrLen(LD_LIBRARY_PATH "=");
 
 
@@ -577,6 +579,11 @@
              * loop of execv() because we test for the prefix, above.
              */
             if (runpath != 0) {
+                /* ensure storage for runpath + colon + NULL */
+                if ((JLI_StrLen(runpath) + 1 + 1) > new_runpath_size) {
+                    JLI_ReportErrorMessageSys(JRE_ERROR11);
+                    exit(1);
+                }
                 JLI_StrCat(new_runpath, ":");
                 JLI_StrCat(new_runpath, runpath);
             }
@@ -667,7 +674,11 @@
             JLI_TraceLauncher("JRE path is %s\n", path);
             return JNI_TRUE;
         }
-
+        /* ensure storage for path + /jre + NULL */
+        if ((JLI_StrLen(path) + 4  + 1) > (size_t) pathsize) {
+            JLI_TraceLauncher("Insufficient space to store JRE path\n");
+            return JNI_FALSE;
+        }
         /* Does the app ship a private JRE in <apphome>/jre directory? */
         JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/%s/" JAVA_DLL, path, arch);
         if (access(libjava, F_OK) == 0) {

--- a/jdk/src/java.base/windows/native/libjli/java_md.c	Mon Mar 02 12:56:22 2015 -0800
+++ b/jdk/src/java.base/windows/native/libjli/java_md.c	Mon Mar 02 08:19:11 2015 -0800
@@ -323,7 +323,11 @@
             JLI_TraceLauncher("JRE path is %s\n", path);
             return JNI_TRUE;
         }
-
+        /* ensure storage for path + \jre + NULL */
+        if ((JLI_StrLen(path) + 4 + 1) > (size_t) pathsize) {
+            JLI_TraceLauncher("Insufficient space to store JRE path\n");
+            return JNI_FALSE;
+        }
         /* Does this app ship a private JRE in <apphome>\jre directory? */
         JLI_Snprintf(javadll, sizeof (javadll), "%s\\jre\\bin\\" JAVA_DLL, path);
         if (stat(javadll, &s) == 0) {