Expanded Scope? (Java GIF Bug)
1.  Landon Fuller
From: Landon Fuller <land...@macports.org>
Date: Fri, 19 Jan 2007 10:34:46 -0800
Local: Fri, Jan 19 2007 1:34 pm
Subject: Expanded Scope? (Java GIF Bug)

What happens to "MoAB Fixes" when the Month of Apple Bugs is over? Is  
there value in providing "0-day patches" for other critical issues?

Case in point is the Java GIF bug:
        http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

Rolling a new Java release is an expensive process, least of all due  
to the particularly complex testing procedure required of Sun  
licensees; it's difficult to say how soon an update will be available.
What do you think? Does the group have a life beyond the Month of  
Apple Bugs?

-landonf

2.  Colin Barrett
From: Colin Barrett <tim...@lava.net>
Date: Fri, 19 Jan 2007 11:42:35 -0800
Local: Fri, Jan 19 2007 2:42 pm
Subject: Re: [moabfixes] Expanded Scope? (Java GIF Bug)
On Jan 19, 2007, at 10:34 AM, Landon Fuller wrote:

> What happens to "MoAB Fixes" when the Month of Apple Bugs is over?  
> Is there value in providing "0-day patches" for other critical issues?

> Case in point is the Java GIF bug:
>    http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

> Rolling a new Java release is an expensive process, least of all due  
> to the particularly complex testing procedure required of Sun  
> licensees; it's difficult to say how soon an update will be available.
> What do you think? Does the group have a life beyond the Month of  
> Apple Bugs?

It's true that there are a number of people on this list interested  
in, and experienced at, dealing with security issues.

I would suggest establishing some better ground rules about what's on  
topic, etc. You don't even need to change the name though ;) moab  
could also stand for "Mother of all Bugs" -- because a security flaw  
really is the worst and most damaging kind of bug for your product.

I do think that the community being able to provide "0-day patches" is  
useful. As someone who hasn't been particularly involved on the  
technical side (although that is mostly because I've been swamped with  
other things), I can't say one way or the other if it would be worth  
the effort. It is fun to observe the group, and I think people are  
interested in it.

If I can find time, I wouldn't mind coding up an extensible prefpane  
for this sort of thing -- to "install" a new moab-patch, you double  
click a bundle and the prefpane then copies it somewhere and allows  
you to manage it -- on, off, detect whether or not the sunset  
provisions have taken effect, things like that. That would probably  
realistically be happening at the end of the MoAB (but if the group  
continues, it will probably happen eventually).

-Colin

3.  William A. Carrel
From: "William A. Carrel" <willia...@carrel.org>
Date: Fri, 19 Jan 2007 12:22:07 -0800
Local: Fri, Jan 19 2007 3:22 pm
Subject: Re: [moabfixes] Expanded Scope? (Java GIF Bug)
There certainly seems to be utility in projects such as ZERT, which
seems to be Windows-focussed. Most open source projects already have a
thriving community which can deal with these things. It wouldn't hurt
the Mac community to have this too, that is as long as the user
community can deal with the situation in a way that doesn't include
shooting the messenger or decrying "unofficial" fixes.

On 1/19/07, Landon Fuller <land...@macports.org> wrote:
4.  Landon Fuller
From: Landon Fuller <land...@bikemonkey.org>
Date: Fri, 19 Jan 2007 22:37:12 -0800
Local: Sat, Jan 20 2007 1:37 am
Subject: Re: [moabfixes] Re: Expanded Scope? (Java GIF Bug)

Here's a test case for the Java GIF issue (this will crash your  
browser):
        http://landonf.bikemonkey.org/static/moab-tests/extra/javagif.html

This test case is only a denial-of-service; I hacked up ImageMagick  
to generate a GIF with a 0-width image block, and thus there's no  
payload.

The issue is with Java's Java_sun_awt_image_GifImageDecoder_parseImage
(); it allocates a block buffer based on the provided width; when the  
width starts at zero, a too small buffer is allocated. Pseudo  
implementation:

        width = 0;

        if (--width == 0) {
                // Moving to the next scanline occurs here
                return;
        }

        // Width is now negative, too small buffer will be allocated

The function receives the width as a parameter:
JNIEXPORT jboolean JNICALL
Java_sun_awt_image_GifImageDecoder_parseImage(JNIEnv *env,
                                               jobject this,
                                               jint relx, jint rely,
                                               jint width, jint height,
                                               jint interlace,
                                               jint initCodeSize,
                                               jbyteArray blockh,
                                               jbyteArray raslineh,
                                               jobject cmh)

Seems like the easiest fix is to check for width == 0 and, if so,  
throw an immediate JNU_ThrowArrayIndexOutOfBoundsException(), which  
is handled by the caller.

-landonf
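As an added illustration of the check proposed above (this is not code from the thread, the JDK decoder, or the moab-fixes project): a small GIF image-descriptor parser that rejects a zero-width or zero-height block before anything downstream sizes or indexes a scanline buffer from it, paired with a row-fill routine that increments and then tests its counter, so a zero width can never wrap negative the way the pre-decrement in the pseudo implementation does. The function names, the 10-byte descriptor layout (0x2C separator, left/top/width/height as little-endian 16-bit values, packed byte with 0x40 marking interlace) and the sample descriptors are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example (not the JDK decoder or the moab-fixes patch).
 * A GIF image descriptor is 10 bytes: 0x2C separator, left/top/width/height
 * as little-endian 16-bit values, then a packed byte whose 0x40 bit marks an
 * interlaced image. */
#define GIF_IMAGE_SEPARATOR      0x2C
#define GIF_IMAGE_DESCRIPTOR_LEN 10

typedef struct {
    uint16_t left, top, width, height;
    int interlaced;
} gif_image_desc;

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Parse one image descriptor. Returns 0 on success, -1 if the block is
 * truncated, mislabelled, or declares a zero-width/zero-height image.
 * Rejecting width == 0 here is the up-front check the thread suggests:
 * nothing downstream ever sizes or indexes a buffer from a zero width. */
int gif_parse_image_descriptor(const uint8_t *buf, size_t len, gif_image_desc *out)
{
    if (buf == NULL || out == NULL || len < GIF_IMAGE_DESCRIPTOR_LEN) return -1;
    if (buf[0] != GIF_IMAGE_SEPARATOR) return -1;
    out->left   = le16(buf + 1);
    out->top    = le16(buf + 3);
    out->width  = le16(buf + 5);
    out->height = le16(buf + 7);
    out->interlaced = (buf[9] & 0x40) != 0;
    if (out->width == 0 || out->height == 0) return -1;
    return 0;
}

/* Copy decoded pixels into a scanline buffer row by row. The column counter
 * is incremented and then compared with width, so it cannot skip past the
 * end of the row the way a pre-decrement of a zero width does; the buffer
 * length is also checked against width before any write. Returns the number
 * of complete rows filled, or -1 on a bounds violation. */
int gif_fill_rows(const gif_image_desc *d, const uint8_t *pixels, size_t npix,
                  uint8_t *rasline, size_t rasline_len)
{
    if (d == NULL || pixels == NULL || rasline == NULL) return -1;
    if (d->width == 0 || rasline_len < d->width) return -1;

    size_t x = 0, rows = 0;
    for (size_t i = 0; i < npix; i++) {
        rasline[x++] = pixels[i];               /* x < width holds here */
        if (x == d->width) {                    /* row complete: reset column */
            x = 0;
            if (++rows > d->height) return -1;  /* more data than declared */
        }
    }
    return (int)rows;
}

/* Constructed descriptors: one with width 0 (height 2), one 3x2 image. */
static const uint8_t DESC_ZERO_WIDTH[GIF_IMAGE_DESCRIPTOR_LEN] =
    { 0x2C, 0, 0, 0, 0, 0, 0, 2, 0, 0x00 };
static const uint8_t DESC_3X2[GIF_IMAGE_DESCRIPTOR_LEN] =
    { 0x2C, 0, 0, 0, 0, 3, 0, 2, 0, 0x00 };

int main(void)
{
    gif_image_desc d;
    uint8_t pixels[6] = { 1, 2, 3, 4, 5, 6 };
    uint8_t rasline[3];

    printf("zero-width descriptor: %s\n",
           gif_parse_image_descriptor(DESC_ZERO_WIDTH, sizeof DESC_ZERO_WIDTH, &d) == 0
               ? "accepted" : "rejected");
    if (gif_parse_image_descriptor(DESC_3X2, sizeof DESC_3X2, &d) == 0)
        printf("3x2 descriptor: filled %d rows\n",
               gif_fill_rows(&d, pixels, sizeof pixels, rasline, sizeof rasline));
    return 0;
}
```

The point of splitting the work this way is that the decision to reject a degenerate block is made once, at the descriptor, and every later loop can rely on width being at least 1 and the scanline buffer being at least width bytes; the fill loop's own checks are then a second line of defence rather than the only one.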

5.  Landon Fuller
From: Landon Fuller <land...@bikemonkey.org>
Date: Fri, 19 Jan 2007 22:39:10 -0800
Local: Sat, Jan 20 2007 1:39 am
Subject: Re: [moabfixes] Re: Expanded Scope? (Java GIF Bug)

On Jan 19, 2007, at 10:37 PM, Landon Fuller wrote:

>    // Width is now negative, too small buffer will be allocated

Er, sorry. Was already allocated, and will now be used. Whoops.

-landonf

6.  Landon Fuller
From: Landon Fuller <land...@bikemonkey.org>
Date: Sat, 20 Jan 2007 00:22:59 -0800
Local: Sat, Jan 20 2007 3:22 am
Subject: Re: [moabfixes] Re: Expanded Scope? (Java GIF Bug)

Fix for the issue committed:
        http://moab-fixes.googlecode.com/svn/trunk/javagif_handler.c

Still needs version number checking -- I'm in the middle of factoring  
that out to get rid of a bunch of duplicate code shared between the  
patches.

-landonf

On Jan 19, 2007, at 10:37 PM, Landon Fuller wrote:

7.  frozenINcarbonite
From: "frozenINcarbonite" <adr...@gosquareone.com>
Date: Sat, 20 Jan 2007 11:36:58 -0800
Local: Sat, Jan 20 2007 2:36 pm
Subject: Re: Expanded Scope? (Java GIF Bug)
So they have released fixes for the other operating systems, but not
for OS X? Is it that hard to implement a fix for OS X?

On Jan 20, 3:22 am, Landon Fuller <land...@bikemonkey.org> wrote:
8.  Landon Fuller
From: Landon Fuller <land...@bikemonkey.org>
Date: Sat, 20 Jan 2007 11:45:21 -0800
Local: Sat, Jan 20 2007 2:45 pm
Subject: Re: [moabfixes] Re: Expanded Scope? (Java GIF Bug)

On Jan 20, 2007, at 11:36 AM, frozenINcarbonite wrote:

> So they have released fixes for the other operating systems, but not
> for OS X? Is it that hard to implement a fix for OS X?

Sun only officially supports Solaris, Linux and Windows. Other  
platforms are licensed, ported, and supported by their vendors; e.g.,  
Apple, FreeBSD, etc.
It's up to the individual vendor to patch and release a new version  
of their JRE/JDK.

-landonf

9.  frozenINcarbonite
From: "frozenINcarbonite" <adr...@gosquareone.com>
Date: Sat, 20 Jan 2007 12:57:37 -0800
Local: Sat, Jan 20 2007 3:57 pm
Subject: Re: Expanded Scope? (Java GIF Bug)
oh ok, so that's why those Java updates come through Software Update?

On Jan 20, 2:45 pm, Landon Fuller <land...@bikemonkey.org> wrote:
10.  Landon Fuller
From: Landon Fuller <land...@bikemonkey.org>
Date: Sat, 20 Jan 2007 13:03:44 -0800
Local: Sat, Jan 20 2007 4:03 pm
Subject: Re: [moabfixes] Re: Expanded Scope? (Java GIF Bug)

On Jan 20, 2007, at 12:57 PM, frozenINcarbonite wrote:

> oh ok, so that's why those Java updates come through Software Update?

Exactly =)
