changeset 4302:026adaac71f1

7012520: Heap overflow vulnerability in FileDialog.show() Reviewed-by: art, anthony
author dcherepanov
date Fri, 25 Feb 2011 15:54:54 +0300
parents ccb2fcfb6d6b
children d489f00d6c65
files src/windows/native/sun/windows/awt_FileDialog.cpp
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/windows/native/sun/windows/awt_FileDialog.cpp	Fri Feb 18 13:31:57 2011 +0000
+++ b/src/windows/native/sun/windows/awt_FileDialog.cpp	Fri Feb 25 15:54:54 2011 +0300
@@ -285,7 +285,7 @@
         file = (jstring)env->GetObjectField(target, AwtFileDialog::fileID);
         if (file != NULL) {
             LPCTSTR tmp = JNU_GetStringPlatformChars(env, file, NULL);
-            _tcscpy(fileBuffer, tmp);
+            _tcsncpy(fileBuffer, tmp, bufferLimit - 2); // the fileBuffer is double null terminated string
             JNU_ReleaseStringPlatformChars(env, file, tmp);
         } else {
             fileBuffer[0] = _T('\0');