view patches/security/20110607/7012520.patch @ 2150:e11a3915d1cf

Apply 2011/06/07 security patches. 2011-05-23 Andrew John Hughes <ahughes@redhat.com> * Makefile.am: Add security patches. * NEWS: List security patches. * patches/icedtea-nio2.patch: Rerolled post-security patching. * patches/security/20110607/6213702.patch, * patches/security/20110607/6618658.patch, * patches/security/20110607/7012520.patch, * patches/security/20110607/7013519.patch, * patches/security/20110607/7013969.patch, * patches/security/20110607/7013971.patch, * patches/security/20110607/7016495.patch, * patches/security/20110607/7020198.patch, * patches/security/20110607/7020373.patch: New security patches. * patches/icedtea-xjc.patch: Rerolled after 7013971.
author Andrew John Hughes <ahughes@redhat.com>
date Tue, 24 May 2011 23:28:49 +0100

# HG changeset patch
# User dcherepanov
# Date 1301921550 -14400
# Node ID 049b0098d27c509fd57843ab4ea7aa5fa5fc84bd
# Parent  dc0eabbd9955ebe6a40aa931d6f3333e1f50a1b2
7012520: Heap overflow vulnerability in FileDialog.show()
Reviewed-by: art, anthony

diff --git a/src/windows/native/sun/windows/awt_FileDialog.cpp b/src/windows/native/sun/windows/awt_FileDialog.cpp
--- openjdk/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp
+++ openjdk/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp
@@ -231,11 +231,12 @@ AwtFileDialog::Show(void *p)
         JavaStringBuffer directoryBuffer(env, directory);
 
         fileBuffer = new TCHAR[MAX_PATH+1];
+        memset(fileBuffer, 0, (MAX_PATH+1) * sizeof(TCHAR));
 
         file = (jstring)env->GetObjectField(target, AwtFileDialog::fileID);
         if (file != NULL) {
             LPCTSTR tmp = JNU_GetStringPlatformChars(env, file, NULL);
-            _tcscpy(fileBuffer, tmp);
+            _tcsncpy(fileBuffer, tmp, MAX_PATH-1); // the fileBuffer is double null terminated string
             JNU_ReleaseStringPlatformChars(env, file, tmp);
         } else {
             fileBuffer[0] = _T('\0');
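Review bot: In the `file != NULL` branch, `tmp` is passed to `_tcsncpy` without a NULL check. JNU_GetStringPlatformChars can return NULL when the conversion fails (for example on allocation failure), so the now-bounded copy would still dereference a null source. A guard such as `if (tmp != NULL) { _tcsncpy(fileBuffer, tmp, MAX_PATH-1); JNU_ReleaseStringPlatformChars(env, file, tmp); }` covers it. The bound `MAX_PATH-1` is safe only because the buffer holds `MAX_PATH+1` TCHARs and the added `memset` zero-fills it, which leaves the two trailing terminators. The comment should state that coupling and that over-long names are silently truncated, or one named size constant should be shared by the `new`, the `memset` and the copy. AwtFileDialog::Show begins and ends outside this hunk, so how `fileBuffer` is used and freed afterwards is not visible here.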