Hi,

when running Coverity checks on src/jdk.crypto.ec/share/native/libsunec/impl/ecdecode.c we had a finding that potentially the buffer "genenc" in function "gf_populate_params" could be exceeded as the length of input strings for the strcat operations is not checked.

A check to satisfy Coverity could look like: http://cr.openjdk.java.net/~goetz/webrevs/ecdecode-strlen/webrev.01/

However, I'm not sure if that is really valuable. The data used for the strcat operations is defined rather statically in ecl-curve.h and as of now the buffer would not be exceeded in any case.

Any opinions about this check?

Best regards
Christoph
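An added example, not part of the original message and not the code from the webrev or from libsunec: one way to make the kind of length check discussed above explicit before concatenating strings into a fixed buffer. The function name concat_checked, the capacity ENC_BUF_LEN and the sample strings are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical capacity; the real size of "genenc" is not given in the post. */
#define ENC_BUF_LEN 16

/*
 * Build prefix + a + b in out (capacity out_len bytes, including the NUL).
 * Returns 0 on success, -1 if an argument is missing or the result would
 * not fit. On failure out holds an empty string when out is usable.
 */
static int concat_checked(char *out, size_t out_len,
                          const char *prefix, const char *a, const char *b)
{
    size_t lp, la, lb;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (prefix == NULL || a == NULL || b == NULL)
        return -1;

    lp = strlen(prefix);
    la = strlen(a);
    lb = strlen(b);

    /* Subtract from the capacity instead of adding lengths, so no sum can wrap. */
    if (lp > out_len - 1 ||
        la > out_len - 1 - lp ||
        lb > out_len - 1 - lp - la)
        return -1;

    /* Lengths are validated above, so these copies stay inside out. */
    memcpy(out, prefix, lp);
    memcpy(out + lp, a, la);
    memcpy(out + lp + la, b, lb);
    out[lp + la + lb] = '\0';
    return 0;
}

int main(void)
{
    char buf[ENC_BUF_LEN];

    /* Constructed sample strings; the real curve data lives in ecl-curve.h. */
    return concat_checked(buf, sizeof buf, "04", "AABBCC", "DDEEFF");
}
```

With static table data the check never fires today; it turns a later edit that lengthens a table entry into a clean error return instead of a write past the buffer.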
