--- old/src/solaris/bin/jexec.c Wed May 1 12:23:17 2013
+++ new/src/solaris/bin/jexec.c Wed May 1 12:23:16 2013
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -90,6 +90,7 @@
 static const char * BAD_EXEC_MSG = "jexec failed";
 static const char * CRAZY_EXEC_MSG = "missing args";
 static const char * MISSING_JAVA_MSG = "can't locate java";
+static const char * BAD_ARG_MSG = "incorrect number of arguments";
 #ifdef __linux__
 static const char * BAD_PATHNAME_MSG = "invalid path";
 static const char * BAD_FILE_MSG = "invalid file";
@@ -156,6 +157,7 @@
 const char ** nargv = NULL; /* new args array */
 int nargc = 0; /* new args array count */
 int argi = 0; /* index into old array */
+ size_t alen = 0; /* length of new array */
 
 /* Make sure we have something to work with */
 if ((argc < 1) || (argv == NULL)) {
@@ -168,8 +170,11 @@
 if (getJavaPath(argv[argi++], java, RELATIVE_DEPTH) != 0) {
 errorExit(errno, MISSING_JAVA_MSG);
 }
-
- nargv = (const char **) malloc((argc + 2) * (sizeof (const char *)));
+ alen = (argc + 2) * (sizeof (const char *));
+ if (alen <= 0 || alen > INT_MAX / sizeof(char *)) {
+ errorExit(3, BAD_ARG_MSG);
+ }
+ nargv = (const char **) malloc(alen);
 nargv[nargc++] = java;
 
 #ifdef __linux__
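Review bot: In the last hunk (`@@ -168,8 +170,11 @@`) the pointer returned by `malloc(alen)` is written through on the very next line, `nargv[nargc++] = java;`, with no NULL check, so an allocation failure becomes a null-pointer write; add `if (nargv == NULL) { errorExit(errno, BAD_EXEC_MSG); }` directly after the call. The new range test also runs only after the multiplication: `argc + 2` is evaluated in `int`, the product can wrap where `size_t` is 32 bits so a wrapped `alen` may pass the test, and `alen <= 0` on an unsigned `size_t` can only ever mean `== 0`. Validating the count before multiplying, `if ((size_t) argc > INT_MAX / sizeof (const char *) - 2) { errorExit(3, BAD_ARG_MSG); }` followed by `alen = ((size_t) argc + 2) * sizeof (const char *);`, keeps the same bound without depending on after-the-fact detection (the earlier `argc < 1` guard makes the cast safe). No `<limits.h>` include for `INT_MAX` is visible in the diff, so confirm one is present, and consider a named exit code in place of the literal `3`. The enclosing function begins and ends outside the hunk.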