[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c

Andrew Hughes ahughes at redhat.com
Wed Aug 1 11:40:43 UTC 2012

java_props_md.c allocates a 64 byte buffer for the return value of setlocale
on the stack.  However, there appears to be no set limit on the return value:


and no check in the code to ensure that its length is 63 characters or less
(allowing for '\0').  While language and country are defined by ISO, I don't
believe there's any limit on the optional encoding and variant entries.

This patch:


replaces the allocation with a dynamic buffer based on the length of lc.

Original bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497666

Ok for tl?  If so, can I have a bug ID?

Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
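
The length problem described in the message above, as an added C example that is not part of the original post and is not the OpenJDK patch: one copy routine rejects a locale string that does not fit a 64-byte buffer, the other sizes the buffer from the string's length. The function names, `LOCALE_BUF_LEN` and the sample string are hypothetical and constructed for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_BUF_LEN 64   /* fixed size named in the post */
/* Constructed sample: a locale-shaped string longer than 63 characters. */
#define LONG_SAMPLE "xx_YY.UTF-8@constructed_variant" \
                    "_padding_padding_padding_padding_padding_padding"

/* Fixed-buffer copy that refuses oversized input instead of overflowing.
 * Returns 0 on success, -1 if lc (plus '\0') does not fit in dst. */
int copy_locale_fixed(const char *lc, char *dst, size_t dstlen)
{
    size_t n;
    if (lc == NULL || dst == NULL || dstlen == 0)
        return -1;
    n = strlen(lc);
    if (n >= dstlen)            /* need n + 1 bytes including '\0' */
        return -1;
    memcpy(dst, lc, n + 1);
    return 0;
}

/* Dynamic copy sized from the length of lc. Caller frees the result. */
char *copy_locale_dynamic(const char *lc)
{
    size_t n;
    char *buf;
    if (lc == NULL)             /* setlocale() can return NULL */
        return NULL;
    n = strlen(lc);
    buf = malloc(n + 1);
    if (buf != NULL)
        memcpy(buf, lc, n + 1);
    return buf;
}

int main(void)
{
    char fixed[LOCALE_BUF_LEN];
    const char *lc = setlocale(LC_ALL, "");
    char *copy = copy_locale_dynamic(lc);

    printf("setlocale: %s\n", copy ? copy : "(null)");
    printf("sample fits in %d bytes: %s\n", LOCALE_BUF_LEN,
           copy_locale_fixed(LONG_SAMPLE, fixed, sizeof fixed) == 0 ? "yes" : "no");
    free(copy);
    return 0;
}
```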
