'errbuf' is assumed to be zero terminated, and it is also assumed that cpnative_getErrorString() may return a string longer than 'errbuf'. So after strncpy(), 'errbuf' may not be zero terminated.
strncpy() is sure to zero pad, but is not sure to zero terminate. Signed-off-by: Chen Gang <gang.chen.5...@gmail.com> --- libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c index a6076f2..0972a5e 100644 --- a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c +++ b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c @@ -210,6 +210,7 @@ Java_java_lang_VMProcess_nativeSpawn (JNIEnv * env, jobject this, if (err != 0) { strncpy(errbuf, cpnative_getErrorString (err), sizeof(errbuf)); + errbuf[sizeof(errbuf) - 1] = '\0'; goto system_error; } -- 1.7.11.7
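Review bot: The added `errbuf[sizeof(errbuf) - 1] = '\0';` is correct and needed, because strncpy() only writes a terminator when the source is shorter than sizeof(errbuf); as a style point, the strncpy() plus explicit terminator pair could be collapsed into `snprintf (errbuf, sizeof(errbuf), "%s", cpnative_getErrorString (err));`, which terminates and truncates in one call. Either way an over-long error string is still silently cut short before `goto system_error`, which is fine for a diagnostic but deserves a one-line comment at the call site. The fix also relies on errbuf being a real array in this function rather than a pointer, which the existing `sizeof(errbuf)` argument to strncpy() already implies.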
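As an added illustration of the commit message's point (constructed example code, not from the patch or from libjava): `copy_err_string` mirrors the patched two-line idiom and reports whether the message was truncated, while `strncpy_terminates` shows that strncpy() writes no terminator at all when the source fills the buffer. The 16-byte buffer and the sample error strings are made up.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical helper (not from the patch): copy src into dst the way the
 * patched code does, then report whether characters were lost.
 * dstsize must be the real array size, i.e. sizeof(buf). */
bool copy_err_string(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    dst[dstsize - 1] = '\0';          /* the line the patch adds */
    return strlen(src) >= dstsize;    /* true when the message was truncated */
}

/* Copy src into a 16-byte buffer (like a fixed-size errbuf) and return the
 * resulting string length; after the fix it is always at most 15. */
size_t copied_length(const char *src)
{
    char errbuf[16];
    copy_err_string(errbuf, sizeof(errbuf), src);
    return strlen(errbuf);
}

/* Shows the defect: plain strncpy() with a source at least as long as the
 * buffer leaves no NUL anywhere in it. Returns true if a NUL is present. */
bool strncpy_terminates(const char *src, size_t bufsize)
{
    char buf[64];
    if (bufsize > sizeof(buf)) return false;
    memset(buf, 'X', sizeof(buf));      /* poison so only strncpy's writes count */
    strncpy(buf, src, bufsize);
    return memchr(buf, '\0', bufsize) != NULL;
}

int main(void)
{
    char errbuf[16];                           /* constructed fixed-size buffer */
    const char *shortmsg = "No such file";     /* constructed sample messages */
    const char *longmsg  = "Resource temporarily unavailable";

    bool t1 = copy_err_string(errbuf, sizeof(errbuf), shortmsg);
    printf("short: \"%s\" truncated=%d\n", errbuf, t1);
    bool t2 = copy_err_string(errbuf, sizeof(errbuf), longmsg);
    printf("long:  \"%s\" truncated=%d\n", errbuf, t2);
    printf("strncpy alone terminates long msg: %d\n",
           strncpy_terminates(longmsg, sizeof(errbuf)));
    return 0;
}
```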