RFR(xs): 8165936: Potential Heap buffer overflow when searching timezone info files

Thomas Stüfe thomas.stuefe at gmail.com
Tue Sep 13 10:53:57 UTC 2016

Dear all,

please take a look at this small change:

Bug: https://bugs.openjdk.java.net/browse/JDK-8165936

readdir_r is used to iterate over the content of a system directory, but
the buffer passed to it is too small: Its size should include the size of
the dirent structure itself (minus the d_name member).

The fix also now checks the return code of pathconf(), and if pathconf()
returns an error, falls back to the NAME_MAX compile-time constant.
Finally, it imposes a minimum size for the buffer, because on older System
V systems NAME_MAX may be surprisingly small and readdir_r will not check
the output buffer size. I think it is better to err on the safe side here.

Kind Regards, Thomas

More information about the core-libs-dev mailing list
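
The buffer sizing described in the message above, as an added example that is not the JDK patch itself: the allocation covers the dirent header up to d_name plus the name limit and its terminator, with the pathconf() fallback and a floor. The helper names and the MIN_NAME_LEN value of 1024 are assumptions made for illustration; the message does not state the minimum it uses.

```c
#include <dirent.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#pragma GCC diagnostic ignored "-Wdeprecated-declarations" /* readdir_r */

#ifndef NAME_MAX
#define NAME_MAX 255        /* assumed fallback if <limits.h> omits it */
#endif
#define MIN_NAME_LEN 1024   /* assumed floor; the post gives no value */

/* name_max is what pathconf(dir, _PC_NAME_MAX) returned (-1 on error). */
size_t dirent_buf_size_for(long name_max)
{
    if (name_max < 0)
        name_max = NAME_MAX;         /* pathconf() failed: compile-time limit */
    if (name_max < MIN_NAME_LEN)
        name_max = MIN_NAME_LEN;     /* guard against tiny System V limits */
    /* struct header up to d_name, plus the name, plus its NUL */
    return offsetof(struct dirent, d_name) + (size_t)name_max + 1;
}

/* Count directory entries with readdir_r; -1 if dir cannot be read. */
long count_entries(const char *dir)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    struct dirent *entry = malloc(dirent_buf_size_for(pathconf(dir, _PC_NAME_MAX)));
    struct dirent *result = NULL;
    long n = 0;
    if (entry == NULL) { closedir(d); return -1; }
    while (readdir_r(d, entry, &result) == 0 && result != NULL)
        n++;
    free(entry);
    closedir(d);
    return n;
}

int main(void)
{
    printf("%ld entries in /\n", count_entries("/"));
    return 0;
}
```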