This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

safety of GCJ-generated code

From: Adam Megacz <gcj at lists dot megacz dot com>
To: java at gcc dot gnu dot org
Date: 17 Dec 2001 09:42:03 -0800
Subject: safety of GCJ-generated code
Organization: Myself


Is GCJ-compiled code "safe" in the sense that no malicious input to a
program can possibly cause it to crash or jump to memory locations
that aren't part of its code? (ie buffer overflows, stack-busting). By
crash, I mean something beyond an uncaught exception.

I know that normal JVMs have this property; and from my understanding
of GCJ, I believe that it does as well (assuming that you leave
bounds-checking turned on).

I guess if I wanted to be really precise, I ought to say "assuming
that the JVM/compiler/libgcj has no bugs, no matter how bug-ridden the
java code being compiled is, it will never behave in an unsafe manner".

For example, GCJ with bounds checking turned off definately does not
have this property -- with malicious inputs, you can get some programs
to overwrite arbitrary regions of memory.

  - a

Follow-Ups:
- safety of GCJ-generated code
  - From: Andrew Haley
- Re: safety of GCJ-generated code
  - From: Tom Tromey
- Re: safety of GCJ-generated code
  - From: Per Bothner

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]