[Bug 391375] Re: [MIR] llvm

Kees Cook kees at ubuntu.com
Mon Jul 13 21:05:07 UTC 2009


Ah, if it's compiled separately from openjdk, that's fine.  If a binary
package is produced during the openjdk build, from llvm sources, then
no.  Cursory review of code found at least a few glitches:

lib/System/Unix/Path.inc Path::eraseFromDisk does not safely remove directories recursively since it uses an unescaped "system" command:
    std::string cmd = "/bin/rm -rf " + path;
    if (system(cmd.c_str()) != 0) {

this should be correctly handled with a fork/exec of "rm", "-rf", "--",
path.

I'm also worried about
lib/ExecutionEngine/Interpreter/ExternalFunctions.cpp  lle_X_sprintf
which does a mess of unbound-checked sprintf and strcpy work, especially
to the final output buffer.

I'm not excited about this package going into main, especially if built
without FORTIFY_SOURCE.

-- 
[MIR] llvm
https://bugs.launchpad.net/bugs/391375
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list