Hi,
I have come accross this page http://www.gzip.org/zlib/apps.html that claims
kaffe uses zlib and thus might be vulnerable to the recently uncovered zlib
security bug: http://www.cert.org/advisories/CA-2002-07.html
Is kaffe using a statically linked version (i.e. is the heavily hacked
They test kaffe using it here.
http://www.shudo.net/jit/perf/
There are some issues (can't load it as an applet, needs a larger heap).
Maybe we can order a copy for kaffe.org and put it on the server? I'm sure
TVT will spot the $50 or $100 bucks. Interested in that?
Cheers,
- Jim
-
I think kaffe can be built either dynamically, or statically.
It looks like the double free() is in the decompression code, so if somebody
constructed a malicious jar or zip file and used kaffe to run this untrusted
code, it could be a problem, depending on the operating system.
Of course,
howdy,
So, as you might've seen we just released a new version of the JanosVM,
which is a modded version of Kaffe. For the most part we haven't changed
much in the original code base, but there have been a number of fixes and
added features that would be nice to port back to Kaffe.
I have grabbed a fresh checkout from CVS a couple of hours ago and have
built Kaffe on linux-ppc. Everything compiled OK, but the resulting
version of kaffe didn't seem to work.
I have invoked kaffe with '-vmdebug NATIVELIB' enabled; the problem was
a missing native (??) implementation of
On Sunday 17 March 2002 18:01, Ito Kazumitsu wrote:
Now KJC 2.1A has been released. But when I tried to rebuild
Klasses.jar with KJC 2.1A, I got the following message:
/bin/sh ./rebuildLib
Compiling classes ...
java/util/Hashtable.java:169: error:Class Entry is not accessible [JLS
6.6.1]
On Monday 18 March 2002 22:34, Carlos Valiente wrote:
I have grabbed a fresh checkout from CVS a couple of hours ago and have
built Kaffe on linux-ppc. Everything compiled OK, but the resulting
version of kaffe didn't seem to work.
I have invoked kaffe with '-vmdebug NATIVELIB' enabled; the