buffer overflow possible in CNI string-handling code?

Adam Megacz gcj@lists.megacz.com
Mon Mar 11 14:27:00 GMT 2002


Hey, I have a lot of CNI code like this:

    char buf2[text->length() + 1];
    buf2[text->length()] = '\0';
    JvGetStringUTFRegion(text, 0, text->length(), buf2);

If a malicious user sends a huge string for 'text', will the
allocation of buf2 notice that text->length() > stacksize, and refuse
to proceed (either a crash or an exception is acceptable)? I'm just
concerned about people writing over code regions this way.

  - a

-- 
"If I put copyrighted material into the 'chewy nougat center', I can
 claim the crunchy chocolate coating is an 'Access Control
 Mechanism'."                                     --lynx_user_abroad

Why Windows NT/2k/XP is unreliable: www.zappadoodle.com
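
An added example, not part of the original post and not libgcj code: a length-capped, heap-allocated alternative to sizing a stack array from text->length(). It models the string as UTF-16 units and uses a Java-style modified UTF-8 encoder as a stand-in for JvGetStringUTFRegion; MAX_UTF8_BYTES, SAMPLE, utf8_length, encode and to_utf8_bounded are hypothetical names. It also shows that the encoded byte count can exceed the UTF-16 unit count.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
// Hypothetical cap on accepted input size; pick one that fits the application.
static const size_t MAX_UTF8_BYTES = 64 * 1024;
// Constructed sample: "héllo€" is 6 UTF-16 units but 9 UTF-8 bytes.
static const uint16_t SAMPLE[] = {'h', 0xE9, 'l', 'l', 'o', 0x20AC};

// Bytes needed to encode n UTF-16 units as Java-style modified UTF-8
// (assumed here: U+0000 takes 2 bytes, surrogates are encoded individually).
size_t utf8_length(const uint16_t *s, size_t n) {
    size_t bytes = 0;
    for (size_t i = 0; i < n; i++)
        bytes += (s[i] >= 0x01 && s[i] <= 0x7F) ? 1 : (s[i] < 0x800 ? 2 : 3);
    return bytes;
}

// Encode into out, which must hold utf8_length(s, n) bytes; returns bytes written.
static size_t encode(const uint16_t *s, size_t n, char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = s[i];
        if (c >= 0x01 && c <= 0x7F) {
            out[o++] = (char)c;
        } else if (c < 0x800) {
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            out[o++] = (char)(0xE0 | (c >> 12));
            out[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    return o;
}

// Returns a malloc'd, NUL-terminated copy, or NULL if the input is over the
// cap or memory is exhausted. No stack space depends on the input length.
char *to_utf8_bounded(const uint16_t *s, size_t n, size_t *out_len) {
    if (n > MAX_UTF8_BYTES) return NULL;      // every unit needs at least 1 byte
    size_t need = utf8_length(s, n);          // sized in bytes, not in chars
    if (need > MAX_UTF8_BYTES) return NULL;
    char *buf = (char *)malloc(need + 1);
    if (buf == NULL) return NULL;
    size_t written = encode(s, n, buf);
    buf[written] = '\0';
    if (out_len) *out_len = written;
    return buf;
}
```

In CNI code the byte count comes from JvGetStringUTFLength(text) rather than text->length().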


