[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
ahughes at redhat.com
Wed Aug 1 21:18:04 UTC 2012
----- Original Message -----
> On 01/08/2012 14:52, Andrew Hughes wrote:
> > :
> > In any case, there is a Sun bug open for this:
> > 6844255: Potential stack corruption in GetJavaProperties
> > Can I take it that I can just get on and push Omair's extended
> > version now then,
> > with that bug ID?
> Yes, go ahead, I should have said that in my mail.
with Omair as author and yourself and I as reviewers.
> > Well, the locale can be set be an environment variable, so it could
> > potentially
> > be anything of any length...
> > The Debian bug posted above has an example, though I couldn't
> > replicate it.
> I couldn't replicate it either and was just curious if anyone managed
> demonstrate it.
Yeah, I tend to think it's more potentially exploitable rather than something
that's actually been hit.
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the core-libs-dev