Line 137: The declaration of "min" cannot follow statements (not all platforms support C99). It has to move up around line 131.

Naoto

On 9/13/16 5:28 PM, Naoto Sato wrote:
Hi Thomas,

Another cosmetic comment: please use 4 space indentation inside those
"if" clauses. Otherwise, +1.

Naoto

On 9/13/16 7:49 AM, Thomas Stüfe wrote:
Hi Christoph, thanks for your review! Yes, I can remove the blank.

Kind Regards, Thomas

On Tue, Sep 13, 2016 at 2:35 PM, Langer, Christoph <christoph.lan...@sap.com> wrote:

Hi Thomas,

your change looks good. I'm also forwarding this to i18n-dev as issues in
TimeZone implementation are mostly handled there.

One remark: Can you take the opportunity to also remove the blank between
the cast and malloc in line 150: "(struct dirent64 *) malloc..."?

Unfortunately I'm no reviewer, so you still need an official review.

Best regards
Christoph

-----Original Message-----
From: core-libs-dev [mailto:core-libs-dev-boun...@openjdk.java.net] On Behalf Of Thomas Stüfe
Sent: Tuesday, 13 September 2016 12:54
To: Java Core Libs <core-libs-dev@openjdk.java.net>
Subject: RFR(xs): 8165936: Potential Heap buffer overflow when seaching timezone info files

Dear all,

please take a look at this small change:

Bug: https://bugs.openjdk.java.net/browse/JDK-8165936
Webrev: http://cr.openjdk.java.net/~stuefe/webrevs/8165936-Potential-Heap-buffer-overflow-when-seaching-timezone-info-files/webrev.00/webrev/

readdir_r is used to iterate over the content of a system directory, but
the buffer passed to it is too small: Its size should include the size of
the dirent structure itself (minus the d_name member).

The fix also now checks the return code of pathconf(), and if pathconf()
returns an error, falls back to the NAME_MAX compile time constant.
Finally, it imposes a minimum size for the buffer, because on older System
V systems NAME_MAX may be surprisingly small and readdir_r will not check
the output buffer size. I think it is better to err on the safe side here.

Kind Regards, Thomas
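
The buffer sizing rule described in the message above, as an added C example (not code from the webrev or the JDK sources). The function names and the 1024-byte floor are assumptions; the thread does not state the minimum that the fix uses.

```c
#include <dirent.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef NAME_MAX
#define NAME_MAX 255            /* assumption: fallback if <limits.h> omits it */
#endif
#define MIN_NAME_MAX 1024       /* assumed floor; the thread gives no value */

/* Size of the buffer handed to readdir_r(), given the value returned by
 * pathconf(dir, _PC_NAME_MAX) (-1 on error or indeterminate limit). */
size_t dirent_buf_size(long pathconf_result)
{
    long name_max = pathconf_result;

    if (name_max < 0)
        name_max = NAME_MAX;    /* pathconf() failed: compile-time constant */
    if (name_max < MIN_NAME_MAX)
        name_max = MIN_NAME_MAX; /* guard against a surprisingly small limit */

    /* dirent header up to d_name, plus the longest name, plus its NUL. */
    return offsetof(struct dirent, d_name) + (size_t)name_max + 1;
}

/* Allocate a zeroed entry buffer for dir; caller frees it. */
struct dirent *alloc_dirent_buf(const char *dir)
{
    size_t len = dirent_buf_size(pathconf(dir, _PC_NAME_MAX));

    if (len < sizeof(struct dirent))
        len = sizeof(struct dirent);
    return calloc(1, len);
}

int main(void)
{
    long reported = pathconf("/", _PC_NAME_MAX);

    printf("pathconf: %ld, buffer: %zu bytes (header: %zu)\n", reported,
           dirent_buf_size(reported), offsetof(struct dirent, d_name));
    return 0;
}
```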
