#315 Java STRING_OUT typemap could use uninitialized memory

closed-accepted
None
5
2012-05-11
2012-05-01
Leo Davis
No

I noticed that the STRING_OUT typemap could possibly reference uninitialized memory:

char **arg1 = (char **) 0 ;
char *temp1 ; // here's the uninitialized memory
...
arg1 = &temp1; // we point at the uninitialized memory
}
result = (int)foo(arg1); // foo() takes a code path that does not set up *arg1, like returning immediately
jresult = (jint)result;
{
jstring jnewstring = NULL;
if (arg1) {
jnewstring = (*jenv)->NewStringUTF(jenv, *arg1); // construct a new string with the uninitialized memory
}
...

The patch simply initializes the uninitialized memory. I'm assuming that NewStringUTF has some behavior with NULL besides a segfault.
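The pattern from the report, reproduced in plain C as an added example (this is constructed stand-in code, not SWIG's generated wrapper): foo() skips the out-parameter on its error path, so the wrapper must initialize temp1 and, additionally here, check the pointee before converting. foo, new_string_utf and wrap_foo are assumed names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the wrapped C function: only the success path
   writes through the out-parameter; the error path returns without touching it. */
static int foo(int input, char **out)
{
    static char buffer[] = "hello";
    if (input < 0)
        return -1;            /* early return: *out is never assigned */
    *out = buffer;
    return 0;
}

/* Stand-in for NewStringUTF: returns a heap copy, or NULL for a NULL input.
   The caller frees the copy. */
static char *new_string_utf(const char *utf)
{
    if (utf == NULL)
        return NULL;
    char *copy = malloc(strlen(utf) + 1);
    if (copy != NULL)
        strcpy(copy, utf);
    return copy;
}

/* The wrapper shape after the fix: temp1 starts as 0, so a code path in
   foo() that skips the assignment leaves a NULL rather than stack garbage.
   The extra check on *arg1 is an added defensive guard, not part of the
   original typemap, which only tested arg1 itself (always non-null here). */
int wrap_foo(int input, char **jresult_out)
{
    char **arg1 = (char **) 0;
    char *temp1 = 0;          /* the one-line fix: was "char *temp1;" */
    int result;

    arg1 = &temp1;
    result = (int)foo(input, arg1);

    *jresult_out = NULL;
    if (arg1 && *arg1) {      /* guard on the pointee, not just the pointer */
        *jresult_out = new_string_utf(*arg1);
    }
    return result;
}
```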

Discussion

  • Leo Davis
    2012-05-01

    Attachments

  • Leo Davis
    2012-05-01

    Input file showing the bug.

    Attachments

  • William Fulton
    2012-05-11

    • assigned_to: nobody --> wsfulton
    • status: open --> closed-accepted

  • William Fulton
    2012-05-11

    Thanks. Added for swig-2.0.7.