Secure Coding mailing list archives
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: vanderaj at greebo.net (Andrew van der Stock)
Date: Wed, 29 Mar 2006 13:17:12 +1100
This is not quite true. Java does not prevent integer overflows (it will not throw an exception). So you still have to be careful about array indexes. Andrew On 29/03/2006, at 12:49 PM, michaelslists at gmail.com wrote:
no, a browser written in java would not have buffer overflow/stack issues. the jvm is specifically designed to prevent it ... -- Michael
-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2234 bytes Desc: not available Url : http://krvw.com/pipermail/sc-l/attachments/20060329/ea07464c/attachment.bin
Current thread:
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 26)
- <Possible follow-ups>
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists at gmail.com (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists at gmail.com (Mar 28)
- Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
- Re: Java integer overflows (was: a really long topic) michaelslists at gmail.com (Mar 28)
- Message not available
- Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists at gmail.com (Mar 28)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)