Mercurial > hg > release > icedtea7-forest-2.0 > jdk
changeset 1577:7352778840c7
6830335: Java JAR Pack200 Decompression Integer Overflow Vulnerability
Summary: Fixes a potential vulnerability in the unpack200 logic, by adding extra checks, a back-port.
Reviewed-by: asaha
author | ksrini |
---|---|
date | Mon, 22 Jun 2009 07:23:20 -0700 |
parents | ffb8e36b668c |
children | 043280e1fc76 |
files | src/share/native/com/sun/java/util/jar/pack/unpack.cpp |
diffstat | 1 files changed, 6 insertions(+), 4 deletions(-) |
--- a/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Tue Jun 23 13:54:36 2009 -0400 +++ b/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Mon Jun 22 07:23:20 2009 -0700 @@ -908,10 +908,12 @@ // place a limit on future CP growth: int generous = 0; - generous += u->ic_count*3; // implicit name, outer, outer.utf8 - generous += 40; // WKUs, misc - generous += u->class_count; // implicit SourceFile strings - maxentries = nentries + generous; + generous = add_size(generous, u->ic_count); // implicit name + generous = add_size(generous, u->ic_count); // outer + generous = add_size(generous, u->ic_count); // outer.utf8 + generous = add_size(generous, 40); // WKUs, misc + generous = add_size(generous, u->class_count); // implicit SourceFile strings + maxentries = add_size(nentries, generous); // Note that this CP does not include "empty" entries // for longs and doubles. Those are introduced when
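Review bot: `generous` is still declared as `int` (`int generous = 0;`) although every update now goes through `add_size(...)`, and nothing in the hunk checks `maxentries` after `maxentries = add_size(nentries, generous);`. The hunk does not show what `add_size` returns on overflow or what type it returns; if it signals overflow with an out-of-range marker value, assigning that back into an `int` could truncate or change it before the next call sees it, and the final sum would be used unchecked. Suggest declaring `generous` with the same type `add_size` returns, and either testing `maxentries` for the overflow marker right here (aborting the unpack on failure) or adding a comment that names where that test happens. Minor style point: the three consecutive `add_size(generous, u->ic_count)` lines replace the old `u->ic_count*3`; a short comment saying the repetition is deliberate, so that no unchecked multiplication is reintroduced, would keep a later cleanup from folding them back.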