| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Mar 29 04:30:53 2006
From: michaelslists at gmail.com (michaelslists@...il.com)
Subject: 4 Questions: Latest IE vulnerability,
Firefox vs IE security, User vs Admin risk profile,
and browsers coded in 100% Managed Verifiable code
No you dont.
Arrays are all bounds checked; ..., that is, the following code will
throw an exception:
================================
class Foo {
static {
int[] m = new int[2];
System.out.println(m[34]);
}
}
================================
What do you mean by "overflow"? Do you mean this?
================================
class Foo {
static {
int m = Integer.MAX_VALUE;
int k = Integer.MAX_VALUE + Integer.MAX_VALUE;
System.out.println(m);
System.out.println(k);
System.exit(0);
}
}
================================
if so, I don't see how that is an issue.
-- Michael
On 3/29/06, Andrew van der Stock <vanderaj@...ebo.net> wrote:
> This is not quite true.
>
> Java does not prevent integer overflows (it will not throw an
> exception). So you still have to be careful about array indexes.
>
> Andrew
>
> On 29/03/2006, at 12:49 PM, michaelslists@...il.com wrote:
>
> > no, a browser written in java would not have buffer overflow/stack
> > issues. the jvm is specifically designed to prevent it ...
> >
> > -- Michael
>
>
>
Powered by blists - more mailing lists