

Analysis of CVE-2013-0809 – Java integer overflow - VMG
http://axtaxt.wordpress.com/2013/07/06/analysis-of-cve-2013-0809/

======
Someone
Minor correction: _The size of the malloced area: (width_ height * 4) modulo
0xffffffff* is incorrect. The modulo is 2^32, not 2^32-1

~~~
unwind
I noticed that too. The author is probably confusing the fact that you can
_compute_ the modulo for a power of two by bitwise-and:ing with (the power of
two) - 1.

I.e. x & 0xffffffff == x % (0xffffffff + 1) (assuming more than 32 bits
everywhere).

------
ExpiredLink
OpenJDK, not "Java".

~~~
pjmlp
Not only that, it is an exploit of the C code in the OpenJDK implementation.

People should stop mixing languages with implementations.

