openjdk team mailing list archive

[Bug 552287] Re: IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher

 

This bug was fixed in the package openjdk-6 - 6b18~pre4-0ubuntu2

---------------
openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low

  * Fix typo in NPPlugin code. LP: #552287.
 -- Matthias Klose <doko@xxxxxxxxxx>   Wed, 31 Mar 2010 10:41:11 +0200

** Changed in: openjdk-6 (Ubuntu)
       Status: Triaged => Fix Released

-- 
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287

Status in “openjdk-6” package in Ubuntu: Fix Released

Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.

(Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.)

1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow

See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses.  It will only sometimes result in a crash of the Firefox process.

It's easier to just paste a fix for this bug than describe it more.  The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.

Marking security vulnerability for safety; I think this would be hard to exploit.