safety of GCJ-generated code
Tom Tromey
tromey@redhat.com
Mon Dec 17 10:00:00 GMT 2001
>>>>> "Adam" == Adam Megacz <gcj@lists.megacz.com> writes:
Adam> Is GCJ-compiled code "safe" in the sense that no malicious input
Adam> to a program can possibly cause it to crash or jump to memory
Adam> locations that aren't part of its code? (i.e. buffer overflows,
Adam> stack-busting). By crash, I mean something beyond an uncaught
Adam> exception.

In theory this is the case.

In practice, I think gcj-generated code is safe (barring unknown
bugs). However, nobody has done an audit of libgcj. There may well
be problems in the C++ code. We try not to introduce them, but of
course it is hard to be 100% certain.

If you find any holes along these lines, they are bugs and should be
reported (and fixed).

Note that libgcj doesn't yet fully conform to Java's security model.
We don't really support having a SecurityManager. Also, we never
throw StackOverflowError -- instead you might see a crash. These two
things have been on the to-do list for years. Unfortunately,
implementing them isn't trivial.

Tom