buffer overflow possible in CNI string-handling code?
Adam Megacz
gcj@lists.megacz.com
Mon Mar 11 14:54:00 GMT 2002
Tom Tromey <tromey@redhat.com> writes:
> This code has a bug. text->length() is the length in characters.
> These don't map directly onto UTF-8 bytes.
> You must use JvGetStringUTFLength to find the length in bytes.
Argh, that's right. What I really want is ASCII, but UTF-8 is close
enough. Thanks for noticing this.
> Adam> If a malicious user sends a huge string for 'text'1, will the
> Adam> allocation of buf2 notice that text->length() > stacksize, and
> Adam> refuse to proceed (either a crash or an exception is
> Adam> acceptable)?
> Assuming you use JvGetStringUTFLength, you'll get a crash, I think.
Cool. Is this because the code emitted for buf[foo] includes a check
to see if (foo + sp > top_of_stack)?
- a
--
"If I put copyrighted material into the 'chewy nougat center', I can
claim the crunchy chocolate coating is an 'Access Control
Mechanism'." --lynx_user_abroad
Why Windows NT/2k/XP is unreliable: www.zappadoodle.com
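Added example (editor's note, not part of the thread and not gcj/CNI code): the stand-alone C++ below models a Java string as UTF-16 code units and shows why sizing a byte buffer from text->length() is wrong as soon as the text is encoded as UTF-8, then shows the copy done with the input bounded up front and the buffer sized from the byte count. java_length, utf8_length, encode_utf8, copy_text_safely and kMaxTextBytes are hypothetical stand-ins, not the real CNI calls. The encoder is standard UTF-8, whereas JvGetStringUTFLength counts Java's modified UTF-8 (U+0000 and supplementary characters take more bytes there), so the real byte count is never smaller than the one computed here.

```cpp
// Added example: not from the original thread or from gcj/CNI. A Java
// String is modelled as std::u16string (UTF-16 code units, as
// java.lang.String stores them). java_length, utf8_length, encode_utf8
// and copy_text_safely are hypothetical stand-ins for text->length(),
// JvGetStringUTFLength and a CNI copy routine, not the real functions.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed policy limit on how much text we accept (hypothetical value).
static const std::size_t kMaxTextBytes = 4096;

// Mirrors text->length(): number of UTF-16 code units, NOT bytes.
std::size_t java_length(const std::u16string& s) { return s.size(); }

// Plays the role of JvGetStringUTFLength: bytes needed to hold the string
// as UTF-8 (standard UTF-8; gcj's modified UTF-8 is only ever larger).
std::size_t utf8_length(const std::u16string& s) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < s.size(); ++i) {
        char16_t c = s[i];
        if (c < 0x80) n += 1;
        else if (c < 0x800) n += 2;
        else if (c >= 0xD800 && c <= 0xDBFF && i + 1 < s.size()
                 && s[i + 1] >= 0xDC00 && s[i + 1] <= 0xDFFF) { n += 4; ++i; }
        else n += 3;   // BMP character, or a lone surrogate written as 3 bytes
    }
    return n;
}

// The bug discussed in the thread: a buffer of text->length() bytes is
// too small as soon as the string contains anything outside ASCII.
bool naive_buffer_too_small(const std::u16string& s) {
    return utf8_length(s) > java_length(s);
}

// Encode into `out` (capacity `cap`), refusing instead of overflowing.
// Returns the number of bytes written, or -1 if `cap` is too small.
long encode_utf8(const std::u16string& s, unsigned char* out, std::size_t cap) {
    std::size_t need = utf8_length(s);
    if (need > cap) return -1;
    std::size_t o = 0;
    for (std::size_t i = 0; i < s.size(); ++i) {
        std::uint32_t cp = s[i];
        if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < s.size()
            && s[i + 1] >= 0xDC00 && s[i + 1] <= 0xDFFF) {
            cp = 0x10000 + ((cp - 0xD800) << 10) + (s[i + 1] - 0xDC00);
            ++i;   // consumed the low surrogate too
        }
        if (cp < 0x80) {
            out[o++] = static_cast<unsigned char>(cp);
        } else if (cp < 0x800) {
            out[o++] = static_cast<unsigned char>(0xC0 | (cp >> 6));
            out[o++] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
        } else if (cp < 0x10000) {
            out[o++] = static_cast<unsigned char>(0xE0 | (cp >> 12));
            out[o++] = static_cast<unsigned char>(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
        } else {
            out[o++] = static_cast<unsigned char>(0xF0 | (cp >> 18));
            out[o++] = static_cast<unsigned char>(0x80 | ((cp >> 12) & 0x3F));
            out[o++] = static_cast<unsigned char>(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
        }
    }
    return static_cast<long>(o);
}

// Hardened form of the pattern under discussion: bound the input first and
// size a heap buffer from the byte length, so a huge or non-ASCII
// attacker-controlled string neither overflows nor exhausts the stack.
// Returns false when the text is rejected.
bool copy_text_safely(const std::u16string& s, std::vector<unsigned char>& out) {
    std::size_t need = utf8_length(s);
    if (need > kMaxTextBytes) return false;   // deterministic refusal
    out.assign(need, 0);
    return encode_utf8(s, out.data(), out.size()) == static_cast<long>(need);
}
```

On the stack-check question raised in the message: a GCC variable-length array or alloca() does not compare the requested size against the remaining stack, it simply moves the stack pointer, and whether an oversized request ends in a clean crash or in silent corruption depends on what the code touches first. Comparing the byte length against a fixed bound before allocating, as copy_text_safely does, turns that into a deterministic refusal.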