Integrated: 8302337: JDK crashes if lib/modules contains non-zero byte containing ATTRIBUTE_END
Severin Gehwolf
sgehwolf at openjdk.org
Tue Feb 14 09:30:57 UTC 2023
On Mon, 13 Feb 2023 16:57:17 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> The `jimage` location attributes are terminated with `ATTRIBUTE_END`-kinds. However,
> the byte containing `ATTRIBUTE_END` (most significant 5 bits represent `kind`) might
> be non-zero in the lower 3 bits (values up to `0x07` represent `ATTRIBUTE_END`). The JDK code
> handles this case correctly in [`ImageLocation.decompress()`](https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/jimage/ImageLocation.java#L69..L71). However, the `libjimage`
> code in `java.base` doesn't. That can lead to segfaults reading random bytes and offsets.
>
> I propose to break the loop if `ATTRIBUTE_END` is being encountered so that reading stops.
>
> Testing:
> - [x] `test/jdk/tools/jimage` and `test/jdk/jdk/internal/jimage` tests.
> - [x] Manual testing with a patched JDK to write non-zero bytes containing `ATTRIBUTE_END` into the jimage. Segfaults before, runs fine after.
> - [x] GHA.
>
> Thoughts?
This pull request has now been integrated.
Changeset: ee5f6e15
Author: Severin Gehwolf <sgehwolf at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/ee5f6e156de0fd3d78adf60951866f43c492725b
Stats: 3 lines in 1 file changed: 3 ins; 0 del; 0 mod
8302337: JDK crashes if lib/modules contains non-zero byte containing ATTRIBUTE_END
Reviewed-by: stuefe, jlaskey, alanb
-------------
PR: https://git.openjdk.org/jdk/pull/12539
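Added example (not the JDK's libjimage code): a small C model of the location attribute decoder described in the quoted PR text. It assumes the header byte layout stated there (kind in the top 5 bits, value length minus one in the low 3 bits, kind 0 = `ATTRIBUTE_END`), an assumed `ATTRIBUTE_COUNT` of 8, and a constructed attribute stream; `decode_location()` runs either the pre-fix termination test (whole header byte == 0) or the fixed one (kind == `ATTRIBUTE_END`), so the over-read caused by a `0x03` terminator is visible without crashing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ATTRIBUTE_END   0   /* kind value of the terminator (from the PR text) */
#define ATTRIBUTE_COUNT 8   /* assumed number of attribute kinds for this demo */
typedef struct {
    uint64_t attrs[ATTRIBUTE_COUNT]; /* decoded value per kind */
    size_t   end_offset;             /* offset where decoding stopped */
    int      ok;                     /* 1 = clean termination, 0 = over-read or corrupt header */
} decoded_t;

/* Assumed header byte layout: kind = top 5 bits, (length - 1) = low 3 bits. */
static unsigned attribute_kind(uint8_t b)   { return b >> 3; }
static unsigned attribute_length(uint8_t b) { return (b & 0x7u) + 1u; }

static uint64_t attribute_value(const uint8_t *p, unsigned n) { /* most significant byte first */
    uint64_t v = 0;
    for (unsigned i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* fixed == 0 models the pre-fix loop (stops only when the whole header byte is 0); fixed == 1 also
 * stops when the kind field is ATTRIBUTE_END. Unlike the native decoder this model bounds-checks. */
decoded_t decode_location(const uint8_t *data, size_t len, int fixed) {
    decoded_t r = { {0}, 0, 0 };
    size_t i = 0;
    while (i < len) {
        uint8_t b = data[i];
        if (b == ATTRIBUTE_END) { r.ok = 1; break; }
        unsigned kind = attribute_kind(b);
        if (fixed && kind == ATTRIBUTE_END) { r.ok = 1; break; }
        if (kind >= ATTRIBUTE_COUNT) break;  /* corrupt header */
        unsigned n = attribute_length(b);
        if (i + 1 + n > len) break;          /* value would run past the buffer: the segfault case */
        r.attrs[kind] = attribute_value(data + i + 1, n);
        i += 1 + n;
    }
    r.end_offset = i;
    return r;
}

/* Constructed stream: kind 1 with 2-byte value 0x1234, kind 2 with 1-byte value 0x05, then a
 * terminator with non-zero low bits (0x03) followed by three bytes that belong to something else. */
static const uint8_t SAMPLE[] = { 0x09, 0x12, 0x34, 0x10, 0x05, 0x03, 0x09, 0x00, 0xAB };

int main(void) {
    decoded_t b = decode_location(SAMPLE, sizeof SAMPLE, 0), a = decode_location(SAMPLE, sizeof SAMPLE, 1);
    printf("pre-fix ok=%d, fixed ok=%d attrs[1]=0x%llx\n", b.ok, a.ok, (unsigned long long)a.attrs[1]);
    return 0;
}
```

With the pre-fix test, `0x03` is taken as kind 0 with a 4-byte value and the decoder tries to read past the end of the stream; with the fixed test both attributes decode and the loop stops at offset 5.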