--- old/src/share/bin/java.c Wed May 1 12:23:09 2013 +++ new/src/share/bin/java.c Wed May 1 12:23:08 2013 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -434,7 +434,7 @@ * consistent in the UI we need to track and report the application main class. */ appClass = GetApplicationClass(env); - NULL_CHECK(appClass); + NULL_CHECK_RV(appClass, -1); /* * PostJVMInit uses the class name as the application name for GUI purposes, * for example, on OSX this sets the application name in the menu bar for --- old/src/share/bin/java.h Wed May 1 12:23:12 2013 +++ new/src/share/bin/java.h Wed May 1 12:23:12 2013 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -242,14 +242,13 @@ InvocationFunctions ifn; } JavaMainArgs; -#define NULL_CHECK0(e) if ((e) == 0) { \ +#define NULL_CHECK_RV(e, rv) if ((e) == 0) { \ JLI_ReportErrorMessage(JNI_ERROR); \ - return 0; \ + return rv; \ } -#define NULL_CHECK(e) if ((e) == 0) { \ - JLI_ReportErrorMessage(JNI_ERROR); \ - return; \ - } +#define NULL_CHECK0(e) NULL_CHECK_RV(e, 0) +#define NULL_CHECK(e) NULL_CHECK_RV(e, ) + #endif /* _JAVA_H_ */ --- old/src/share/bin/wildcard.c Wed May 1 12:23:15 2013 +++ new/src/share/bin/wildcard.c Wed May 1 12:23:14 2013 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -136,8 +136,10 @@ { WildcardIterator it = NEW_(WildcardIterator); HANDLE handle = FindFirstFile(wildcard, &find_data); - if (handle == INVALID_HANDLE_VALUE) + if (handle == INVALID_HANDLE_VALUE) { + JLI_MemFree(it); return NULL; + } it->handle = handle; it->firstFile = find_data.cFileName; return it; --- old/src/solaris/bin/jexec.c Wed May 1 12:23:17 2013 +++ new/src/solaris/bin/jexec.c Wed May 1 12:23:16 2013 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,6 +90,7 @@ static const char * BAD_EXEC_MSG = "jexec failed"; static const char * CRAZY_EXEC_MSG = "missing args"; static const char * MISSING_JAVA_MSG = "can't locate java"; +static const char * BAD_ARG_MSG = "incorrect number of arguments"; #ifdef __linux__ static const char * BAD_PATHNAME_MSG = "invalid path"; static const char * BAD_FILE_MSG = "invalid file"; @@ -156,6 +157,7 @@ const char ** nargv = NULL; /* new args array */ int nargc = 0; /* new args array count */ int argi = 0; /* index into old array */ + size_t alen = 0; /* length of new array */ /* Make sure we have something to work with */ if ((argc < 1) || (argv == NULL)) { @@ -168,8 +170,11 @@ if (getJavaPath(argv[argi++], java, RELATIVE_DEPTH) != 0) { errorExit(errno, MISSING_JAVA_MSG); } - - nargv = (const char **) malloc((argc + 2) * (sizeof (const char *))); + alen = (argc + 2) * (sizeof (const char *)); + if (alen <= 0 || alen > INT_MAX / sizeof(char *)) { + errorExit(3, BAD_ARG_MSG); + } + nargv = (const char **) malloc(alen); nargv[nargc++] = java; #ifdef __linux__