openjdk team mailing list archive

[Bug 552287] Re: IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher

 

Re: https://bugzilla.mozilla.org/show_bug.cgi?id=555342#c24

The fix is in IcedTea and uploaded to lucid.

(3) afaik FC12 does use the IcedTeaPlugin.cc, not the
IcedTeaNPPlugin.cc. The former is not affected.

No release enables the IcedTeaNPPlugin.cc by default.


** Bug watch added: Mozilla Bugzilla #555342
   https://bugzilla.mozilla.org/show_bug.cgi?id=555342

-- 
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287

Status in “openjdk-6” package in Ubuntu: Fix Released

Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.

(Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.)

1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow

See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses.  It will only sometimes result in a crash of the Firefox process.

It's easier to just paste a fix for this bug than describe it more.  The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.

Marking security vulnerability for safety; I think this would be hard to exploit.