[Bug 391375] Re: [MIR] llvm
Kees Cook
kees at ubuntu.com
Mon Jul 13 21:05:07 UTC 2009
Ah, if it's compiled separately from openjdk, that's fine. If a binary
package is produced during the openjdk build, from llvm sources, then
no. Cursory review of code found at least a few glitches:
lib/System/Unix/Path.inc Path::eraseFromDisk does not safely remove directories recursively since it uses an unescaped "system" command:
std::string cmd = "/bin/rm -rf " + path;
if (system(cmd.c_str()) != 0) {
this should be correctly handled with a fork/exec of "rm", "-rf", "--",
path.
I'm also worried about
lib/ExecutionEngine/Interpreter/ExternalFunctions.cpp lle_X_sprintf
which does a mess of unbound-checked sprintf and strcpy work, especially
to the final output buffer.
I'm not excited about this package going into main, especially if built
without FORTIFY_SOURCE.
--
[MIR] llvm
https://bugs.launchpad.net/bugs/391375
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list