This is the mail archive of the java-patches@gcc.gnu.org mailing list for the Java project.



Re: Patch for Review: JvGetStringUTFChars


On Wednesday, Aug 13, 2003, at 19:52 Pacific/Auckland, Mohan Embar wrote:

> After careful consideration, I've decided not to go with Bryce's
> suggestion of checking buffer size:
>
> http://gcc.gnu.org/ml/java-patches/2003-q3/msg00308.html
>
> ...because:
>
> - this would involve an additional call to JvGetStringUTFLength
>   for bounds checking

It is going to leave application code vulnerable to buffer overrun bugs in user code if they do not call JvGetStringUTFLength, so you are shifting the responsibility of doing this onto the user. If you are making the user do the JvGetStringUTFLength call then this new call doesn't make life much easier for anybody. I thought the point of it was to reduce the amount of code people have to write to convert strings?


> - JvGetStringUTFRegion does not do this bounds checking either

JvGetStringUTFRegion cannot be safely used without a corresponding call to JvGetStringUTFLength. If it's being used somewhere without one then that is a serious bug.


> - the caller can call JvGetStringUTFLength beforehand if s/he wants to

They MUST do so. I'm sure you're aware of what happens when code that fails to check bounds ends web servers and such. I'm sure someone will want to run a web server on GCJ some day.


> - the _Jv_TempUTFString class and JV_TEMP_UTF_STRING macro
>   (subsequent patch) will also shield us from this

Seems like these are two solutions to the same problem. Why do we need both?


Regards

Bryce
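
The buffer-size check argued for in this message, as an added example that is not part of the original mail or of libgcj: the conversion takes the buffer size and enforces the bound itself, so a caller that forgets the length query cannot overrun the buffer. `utf_length` and `utf_chars_checked` are hypothetical stand-ins for the CNI calls, and the encoding is assumed to be Java's modified UTF-8.

```cpp
#include <cstddef>
#include <string>

// Bytes needed for one UTF-16 code unit in Java's modified UTF-8:
// NUL takes two bytes, surrogates are encoded individually as three.
static std::size_t unit_len(char16_t c) {
    if (c >= 0x0001 && c <= 0x007F) return 1;
    if (c <= 0x07FF) return 2;
    return 3;
}

// Hypothetical stand-in for the role JvGetStringUTFLength plays:
// the exact encoded size, excluding any terminator.
std::size_t utf_length(const std::u16string& s) {
    std::size_t n = 0;
    for (char16_t c : s) n += unit_len(c);
    return n;
}

// Hypothetical size-checked conversion: the callee enforces the bound.
// Returns bytes written (excluding the terminating NUL), or -1 if the
// encoded string plus terminator does not fit; on failure only buf[0]
// is written.
long utf_chars_checked(const std::u16string& s, char* buf, std::size_t bufsize) {
    if (buf == nullptr || bufsize == 0) return -1;
    const std::size_t need = utf_length(s);
    if (need >= bufsize) {          // need + 1 bytes must fit
        buf[0] = '\0';
        return -1;
    }
    char* p = buf;
    for (char16_t c : s) {
        switch (unit_len(c)) {
        case 1:  *p++ = static_cast<char>(c); break;
        case 2:  *p++ = static_cast<char>(0xC0 | (c >> 6));
                 *p++ = static_cast<char>(0x80 | (c & 0x3F)); break;
        default: *p++ = static_cast<char>(0xE0 | (c >> 12));
                 *p++ = static_cast<char>(0x80 | ((c >> 6) & 0x3F));
                 *p++ = static_cast<char>(0x80 | (c & 0x3F)); break;
        }
    }
    *p = '\0';
    return static_cast<long>(need);
}
```

The cost raised in the quoted objection is the single extra pass in `utf_length`; the unchecked design saves that pass only when every caller does the same pass by hand.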

