Secure Coding mailing list archives

By default, the Verifier is disabled on .Net and Java

From: tholleb at teknowledge.com (Tim Hollebeek)
Date: Thu, 4 May 2006 10:58:21 -0700

$ java -cp . -noverify HelloWorld
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d7415fb, 
pid=3512, tid=2260 # # Java VM: Java HotSpot(TM) Client VM 
(1.5.0_06-b05 mixed mode) # Problematic frame:
# V  [jvm.dll+0x615fb]



Note that EXCEPTION_ACCESS_VIOLATION is the Windows equivalent of a
segmentation violation; this isn't the Verifier complaining, it's
the JVM crashing.

The fact that editing the .class file allows you to produce one that
causes the JVM to crash is pretty strong evidence the verifier was
NOT used to validate the file.

Tim Hollebeek
Research Scientist
Teknowledge Corp.

Current thread:

By default, the Verifier is disabled on .Net and Java, (continued)
- - - By default, the Verifier is disabled on .Net and Java Michael Silk (May 12)
- By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 03)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 08)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 08)
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 10)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 13)
- By default, the Verifier is disabled on .Net and Java Wall, Kevin (May 02)
  - By default, the Verifier is disabled on .Net and Java David Eisner (May 03)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)
    - By default, the Verifier is disabled on .Net and Java Tim Hollebeek (May 04)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
- By default, the Verifier is disabled on .Net and Java Wall, Kevin (May 03)
  - By default, the Verifier is disabled on .Net and Java Michael Silk (May 03)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)
    - By default, the Verifier is disabled on .Net and Java David Eisner (May 04)
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 04)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 04)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 04)
- By default, the Verifier is disabled on .Net and Java David Eisner (May 04)

(Thread continues...)