
src/java.base/unix/native/libjava/TimeZone_md.c

rev 15588 : 8165936: Potential Heap buffer overflow when seaching timezone info files
Summary: readdir_r called with too small buffer
Reviewed-by: clanger, rriggs, okutsu, naoto

@@ -126,17 +126,30 @@
     char *pathname = NULL;
     int fd = -1;
     char *dbuf = NULL;
     char *tz = NULL;
     int res;
+    long name_max = 0;
 
     dirp = opendir(dir);
     if (dirp == NULL) {
         return NULL;
     }
 
-    entry = (struct dirent64 *) malloc((size_t) pathconf(dir, _PC_NAME_MAX));
+    name_max = pathconf(dir, _PC_NAME_MAX);
+    // If pathconf did not work, fall back to NAME_MAX.
+    if (name_max < 0) {
+        name_max = NAME_MAX;
+    }
+    // Some older System V systems have a very small NAME_MAX size of 14; as
+    // there is no way to tell readdir_r the output buffer size, lets enforce
+    // a mimimum buffer size.
+    if (name_max < 1024) {
+        name_max = 1024;
+    }
+
+    entry = (struct dirent64 *)malloc(offsetof(struct dirent64, d_name) + name_max + 1);
     if (entry == NULL) {
         (void) closedir(dirp);
         return NULL;
     }
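Review bot: The limit at `name_max = pathconf(dir, _PC_NAME_MAX);` is looked up by path after `opendir(dir)` has already succeeded, so it is not guaranteed to describe the directory that `dirp` actually reads, and the 1024 floor is a heuristic rather than a bound the reading call enforces. Where `dirfd()` exists on the supported platforms, `name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);` ties the value to the open stream. Because readdir_r cannot be told the buffer size, as the new comment itself says, moving the loop to `readdir()` would remove the sizing problem altogether; that loop lies outside this hunk, so check it against the rest of the function. The new `offsetof` call needs `<stddef.h>`, and the hunk does not show whether the file already includes it. The added comment also has two typos: `lets enforce a mimimum buffer size` should read `let's enforce a minimum buffer size`.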
 