RFR: 8261299: Use-after-free on failure path in LinuxPackage.c, getJvmLauncherLibPath

Aleksey Shipilev shade at openjdk.java.net
Tue Feb 9 17:49:39 UTC 2021


On Tue, 9 Feb 2021 15:58:36 GMT, Andy Herrick <herrick at openjdk.org> wrote:

>> SonarCloud instance reports a new warning after JDK-8254702:
>>  "Use of memory after it is freed"
>> 
>> char* getJvmLauncherLibPath(void) {
>>        ...
>>         popenStatus = popenCommand(pkgQueryCmd, pkg->name, findLauncherLib,
>>                                                         &launcherLibPath);
>>         if (popenStatus) {
>>             free(launcherLibPath); <---- frees here
>>             goto cleanup;
>>         }
>>     }
>> 
>> cleanup:
>>     free(modulePath);
>>     freePackageDesc(pkg);
>> 
>>     return launcherLibPath; <--- here
>> }
>> 
>> We need to null it out before returning.
>> 
>> Additional testing:
>>  - [x] Linux x86_64 (Ubuntu) `tools/jpackage`
>
> Marked as reviewed by herrick (Reviewer).

Thanks!

-------------

PR: https://git.openjdk.java.net/jdk/pull/2453


More information about the core-libs-dev mailing list