This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: safety of GCJ-generated code

From: Per Bothner <per at bothner dot com>
To: Adam Megacz <gcj at lists dot megacz dot com>
Cc: java at gcc dot gnu dot org
Date: Mon, 17 Dec 2001 10:18:57 -0800
Subject: Re: safety of GCJ-generated code
References: <863d29spzo.fsf@megacz.com>

Adam Megacz wrote:

> Is GCJ-compiled code "safe" in the sense that no malicious input to a
> program can possibly cause it to crash or jump to memory locations
> that aren't part of its code? (ie buffer overflows, stack-busting). By
> crash, I mean something beyond an uncaught exception.


I believe so.  However, there are a couple areas where the
verifier is known to be incomplete:  Verifying of interface
calls, and that constructors are called on newly-allocated
objects.  (There may be others.)
-- 
	--Per Bothner
per@bothner.com   http://www.bothner.com/per/

References:
- safety of GCJ-generated code
  - From: Adam Megacz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]