Vulnerability Development mailing list archives

Re: reverse engineer c or java

From: yinyang () EBURG COM (Gordon Messmer)
Date: Sun, 21 May 2000 10:29:19 -0700


Bluefish wrote:

Btw, on the topic of java! Has there been published any research upon
buffert overruns in java? I assume the class String is more or less
secure, but are there security concerns related to usage of e.g. arrays?


I beleive the VM handles this.  Java does not have malloc() and friends
available, and all arrays are static (that is, they can't be dynamically
resized).  Any attempt to access beyond the boundaries of an array do
not crash the application, they "throw an exception".  You aren't going
to write anything to the stack, or alter the memory space of anything
but the array.

It's kind of a nice feature  :)

MSG

Current thread:

Re: possible new "e-mail virus" concept ? + bypassing IE settings, (continued)
- - - Re: possible new "e-mail virus" concept ? + bypassing IE settings A.T.Z. (May 19)
    - chsh Segfault on FreeBSD 3.3 Fabio Pietrosanti (May 19)
    - reverse engineer c or java kj (May 19)
    - Re: reverse engineer c or java John Swensson (May 20)
    - Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER SMILER (May 20)
    - Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Blue Boar (May 20)
    - Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Stuart Henderson (May 22)
    - Re: reverse engineer c or java za () boo ma fu (May 20)
    - Outlook, HTML & VBS Joerg Weber (May 21)
    - Re: reverse engineer c or java Bluefish (May 21)
    - Re: reverse engineer c or java Gordon Messmer (May 21)
    - Re: reverse engineer c or java pantera () BALANCEPOINTGOLF COM (May 21)
    - Re: reverse engineer c or java Crispin Cowan (May 21)
    - Re: reverse engineer c or java Erik Debill (May 22)
    - Re: reverse engineer c or java za () boo ma fu (May 21)
    - Re: reverse engineer c or java Bluefish (May 22)
    - Re: reverse engineer c or java za () boo ma fu (May 22)
    - Re: reverse engineer c or java Bluefish (May 23)
    - Re: reverse engineer c or java Mark Rafn (May 20)
    - Re: reverse engineer c or java Pedro Hugo (May 20)
    - Re: reverse engineer c or java phazer (May 20)

(Thread continues...)