WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

From: michaelslists () gmail com
Date: Wed, 29 Mar 2006 14:30:43 +1100
No you dont.

Arrays are all bounds checked; ..., that is, the following code will
throw an exception:

================================
class Foo {
  static {
    int[] m = new int[2];
    System.out.println(m[34]);
  }
}
================================


What do you mean by "overflow"? Do you mean this?

================================
class Foo {
  static {
    int m = Integer.MAX_VALUE;
    int k = Integer.MAX_VALUE + Integer.MAX_VALUE;
    System.out.println(m);
    System.out.println(k);
    System.exit(0);
  }
}
================================

if so, I don't see how that is an issue.

-- Michael



On 3/29/06, Andrew van der Stock <vanderaj () greebo net> wrote:

This is not quite true.

Java does not prevent integer overflows (it will not throw an
exception). So you still have to be careful about array indexes.

Andrew

On 29/03/2006, at 12:49 PM, michaelslists () gmail com wrote:


no, a browser written in java would not have buffer overflow/stack
issues. the jvm is specifically designed to prevent it ...

-- Michael






-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: