Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8146765

Buffer overflow in JOptionPane.showMessageDialog

    Details

      Description

      FULL PRODUCT VERSION :
      java version "1.8.0_66"
      Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
      Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Linux Flapjack 3.16.0-38-generic #52~14.04.1-Ubuntu SMP Fri May 8 09:43:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Linux Mint's Cinnamon Desktop Environment

      A DESCRIPTION OF THE PROBLEM :
      I was originally checking to see if I was catching the proper exception since I never got an exception for numbers which were obviously invalid doubles. Once I got the numbers large enough by copying and pasting them, I ran the test again and Cinnamon crashed. The only way that could happen is with a buffer overflow issue, and I don't have any way to catch an exception for it. (To my knowledge)

      After Cinnamon restarted in it's default mode, I saw the Java program still active with the message dialog from JOptionPane.showMessageDialog() and it showed the huge result. Somewhere during the process, that error occurred.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1. Pass a huge String number through Double.parseDouble().
      2. Multiply the number repeatedly by itself.
      3. Send the output to the JOptionPane.showMessageDialog().
      4. Watch it crash Cinnamon. (Potentially every environment due to what's actually taking place)

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Throw an exception for an invalid double or math operation (ArithmeticException?)
      ACTUAL -
      Crashes the desktop environment

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      https://gist.github.com/cozylife/623e31d3d3a4aa3a4cc5
      ---------- END SOURCE ----------

        Attachments

          Activity

            People

            • Assignee:
              alitvinov Anton Litvinov
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: