buffer overflow possible in CNI string-handling code?
Adam Megacz
gcj@lists.megacz.com
Mon Mar 11 14:27:00 GMT 2002

Hey, I have a lot of CNI code like this:

    char buf2[text->length() + 1];
    buf2[text->length()] = '\0';
    JvGetStringUTFRegion(text, 0, text->length(), buf2);

If a malicious user sends a huge string for 'text', will the
allocation of buf2 notice that text->length() > stacksize, and refuse
to proceed (either a crash or an exception is acceptable)? I'm just
concerned about people writing over code regions this way.

- a
--
"If I put copyrighted material into the 'chewy nougat center', I can
claim the crunchy chocolate coating is an 'Access Control
Mechanism'." --lynx_user_abroad
Why Windows NT/2k/XP is unreliable: www.zappadoodle.com
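
Added example, not part of the original post and not gcj/CNI code: a self-contained C++ version of the pattern above that rejects over-long input before allocating, sizes the buffer by encoded bytes rather than by length() (one UTF-16 unit can need up to three bytes), and allocates on the heap instead of the stack. std::u16string stands in for the Java string, and kMaxChars, unit_bytes, utf8_length, encode_utf8 and to_c_string are hypothetical names, not CNI functions.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Assumed policy limit on input size, in UTF-16 code units (not from the post).
static const std::size_t kMaxChars = 64 * 1024;

// Bytes one UTF-16 code unit takes in Java-style UTF-8 (1, 2 or 3).
static std::size_t unit_bytes(char16_t c) {
    return (c >= 0x0001 && c <= 0x007F) ? 1 : (c <= 0x07FF ? 2 : 3);
}

// Stand-in for a "UTF length" query: total encoded size in bytes.
std::size_t utf8_length(const std::u16string &s) {
    std::size_t n = 0;
    for (char16_t c : s) n += unit_bytes(c);
    return n;
}

// Stand-in for the "get UTF region" step: encodes into buf, never past cap.
// Returns bytes written, or (size_t)-1 if the buffer is too small.
std::size_t encode_utf8(const std::u16string &s, char *buf, std::size_t cap) {
    std::size_t i = 0;
    for (char16_t c : s) {
        std::size_t k = unit_bytes(c);
        if (k > cap - i) return static_cast<std::size_t>(-1);
        if (k == 1) {
            buf[i++] = static_cast<char>(c);
        } else if (k == 2) {
            buf[i++] = static_cast<char>(0xC0 | (c >> 6));
            buf[i++] = static_cast<char>(0x80 | (c & 0x3F));
        } else {
            buf[i++] = static_cast<char>(0xE0 | (c >> 12));
            buf[i++] = static_cast<char>(0x80 | ((c >> 6) & 0x3F));
            buf[i++] = static_cast<char>(0x80 | (c & 0x3F));
        }
    }
    return i;
}

// Hardened pattern: cap the length, size by bytes, allocate on the heap.
bool to_c_string(const std::u16string &text, std::vector<char> &out) {
    if (text.size() > kMaxChars) return false;      // reject before allocating
    out.assign(utf8_length(text) + 1, '\0');        // heap, +1 for terminator
    std::size_t n = encode_utf8(text, out.data(), out.size() - 1);
    return n != static_cast<std::size_t>(-1);
}

int main() { std::vector<char> b; return to_c_string(u"h\u00e9llo", b) ? 0 : 1; }
```

A buffer of length() + 1 bytes is one byte short for the five-character constructed input "héllo", which encodes to six bytes; the bounded encoder reports that instead of writing past the end.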