openjdk team mailing list archive

Thread
Date

[Bug 552287] Re: IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Wed, 31 Mar 2010 06:50:28 -0000
Reply-to: Bug 552287 <552287@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Package changed: ubuntu => openjdk-6 (Ubuntu)

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Confirmed

** Changed in: openjdk-6 (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: openjdk-6 (Ubuntu)
   Importance: Undecided => Medium

-- 
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “openjdk-6” package in Ubuntu: Triaged

Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.

(Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.)

1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow

See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses.  It will only sometimes result in a crash of the Firefox process.

It's easier to just paste a fix for this bug than describe it more.  The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.

Marking security vulnerability for safety; I think this would be hard to exploit.