infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-14 04:15:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

6830335: Java JAR Pack200 Decompression Integer Overflow Vulnerability

Browse Source 
Fixes a potential vulnerability in the unpack200 logic, by adding extra checks, a back-port.

Reviewed-by: asaha
This commit is contained in:
Kumar Srinivasan 2009-06-22 07:23:20 -07:00
parent 68d0756ea6
commit d92c74443f
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
View File

@ -908,10 +908,12 @@ void cpool::init(unpacker* u_, int counts[NUM_COUNTS]) {
// place a limit on future CP growth:
int generous = 0;
generous += u->ic_count*3; // implicit name, outer, outer.utf8
generous += 40; // WKUs, misc
generous += u->class_count; // implicit SourceFile strings
maxentries = nentries + generous;
generous = add_size(generous, u->ic_count); // implicit name
generous = add_size(generous, u->ic_count); // outer
generous = add_size(generous, u->ic_count); // outer.utf8
generous = add_size(generous, 40); // WKUs, misc
generous = add_size(generous, u->class_count); // implicit SourceFile strings
maxentries = add_size(nentries, generous);
// Note that this CP does not include "empty" entries
// for longs and doubles. Those are introduced when