Dear all, please take a look at this small change:
Bug: https://bugs.openjdk.java.net/browse/JDK-8165936 Webrev: http://cr.openjdk.java.net/~stuefe/webrevs/8165936-Potential-Heap-buffer-overflow-when-seaching-timezone-info-files/webrev.00/webrev/ readdir_r is used to iterate over the content of a system directory, but the buffer passed to it is too small: Its size should include the size of the dirent structure itself (minus the d_name member). The fix also now checks the return code of pathconf(), and if pathconf() returns an error, falls back to the NAME_MAX compile time constant. Finally, it imposes a minimum size for the buffer, because on older System V systems NAME_MAX may be surprisingly small and readdir_r will not check the output buffer size. I think it is better to err on the safe side here. Kind Regards, Thomas