Chris Hegarty wrote:
Alan,
In the socketGetOption() function if the option is
java_net_SocketOptions_SO_BINDADDR the code allocates a
SOCKET_ADDRESS, him, structure on the stack. This structure is 8 bytes
long. 'len' is then set to sizeof(struct sockaddr_in) which is 16. If
it's an IPv6 socket the len could get set to sizeof(struct
SOCKADDR_IN6) which is 28 bytes. getsockname() is called with a
pointer to 'him' and len set as above. This could overwrite data on
the C stack.
You want to use SOCKETADDRESS instead since that is a union of
sockaddr, sockaddr_in and SOCKADDR_IN6 so it is properly sized.
http://cr.openjdk.java.net/~chegar/7009760/webrev.00/webrev/
-Chris.
Looks okay to me.
-Alan.
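
The sizing rule behind this fix, as an added example that is not the JDK source and not part of the original thread: it uses POSIX sockets rather than Winsock, and `sockaddr_any`, `local_addr_checked` and `probe_ipv4` are hypothetical names. The length handed to getsockname() is the real capacity of the buffer, so an undersized buffer is reported as too small instead of being written past.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Added example (hypothetical names, not JDK code): a union sized by its
 * largest member, so it holds an IPv4 or an IPv6 address. */
typedef union {
    struct sockaddr     sa;
    struct sockaddr_in  in4;
    struct sockaddr_in6 in6;
} sockaddr_any;

/* Pass the real capacity of buf as len, never the size of the address we
 * expect. Returns 0 on success, -1 on socket error, -2 if the address did
 * not fit; *need receives the size the address actually requires. */
int local_addr_checked(int fd, void *buf, socklen_t cap, socklen_t *need)
{
    socklen_t len = cap;
    if (getsockname(fd, (struct sockaddr *)buf, &len) != 0)
        return -1;
    *need = len;
    return len > cap ? -2 : 0;
}

/* Query an unbound IPv4 socket through a window of cap bytes inside a
 * canary-filled buffer; returns -3 if anything past cap was modified. */
int probe_ipv4(socklen_t cap, socklen_t *need)
{
    union { sockaddr_any a; unsigned char b[sizeof(sockaddr_any)]; } u;
    int fd, rc;

    if (cap > sizeof u.b || (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(u.b, 0xAA, sizeof u.b);
    rc = local_addr_checked(fd, u.b, cap, need);
    close(fd);
    for (size_t i = cap; i < sizeof u.b; i++)
        if (u.b[i] != 0xAA)
            return -3;
    return rc;
}

int main(void)
{
    socklen_t need = 0;
    int rc = probe_ipv4(8, &need);   /* 8 bytes, the size given in the post */
    printf("rc=%d need=%u\n", rc, (unsigned)need);
}
```

With an 8-byte window the call reports that 16 bytes were needed and the canary bytes after the window stay intact; with the full union as the buffer the same call succeeds.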