RubyUNIXSocket#recvfrom overflows temporary buffer

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: JRuby 1.5.6, JRuby 1.6RC1, JRuby 1.6RC2
Fix Version/s: JRuby 1.6RC3
Component/s: Extensions
Labels:
None

Number of attachments :
0

Description

org.jruby.ext.socket.RubyUnixSocket#recvfrom() allocates a fixed size native buffer of 1024 bytes, but then proceeds to read however many bytes the caller requested into that buffer.

so, a call of e.g. recvfrom(2048) could overflow the temporary buffer and crash the VM.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Wayne Meissner added a comment - 14/Feb/11 4:26 AM

Now allocates a java heap buffer of exactly the size requested.

Show

Wayne Meissner added a comment - 14/Feb/11 4:26 AM Now allocates a java heap buffer of exactly the size requested.

Hide

Permalink

Charles Oliver Nutter added a comment - 14/Feb/11 11:24 AM

Maybe we should try to have a test or RubySpec that would exercise this? Ugly thing to leave untested...

Show

Charles Oliver Nutter added a comment - 14/Feb/11 11:24 AM Maybe we should try to have a test or RubySpec that would exercise this? Ugly thing to leave untested...

People

Assignee:

Wayne Meissner

Reporter:

Wayne Meissner

Vote (0)

Watch (0)

Dates

Created:

14/Feb/11 2:12 AM

Updated:

06/Aug/12 11:09 AM

Resolved:

14/Feb/11 4:26 AM