Integrated: 8302337: JDK crashes if lib/modules contains non-zero byte containing ATTRIBUTE_END

Severin Gehwolf sgehwolf at openjdk.org
Tue Feb 14 09:30:57 UTC 2023


On Mon, 13 Feb 2023 16:57:17 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

> The `jimage` location attributes are terminated with `ATTRIBUTE_END`-kinds. However,
> the byte containing `ATTRIBUTE_END` (most significant 5 bits, represent `kind`), might
> be non-zero in the lower 3 bits (values up to `0x07` represent `ATTRIBUTE_END`). The JDK code
> handles this case correctly in [`ImageLocation.decompress()`](https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/jimage/ImageLocation.java#L69..L71). However, the `libjimage`
> code in `java.base` doesn't. That can lead to segfaults reading random bytes and offsets.
> 
> I propose to break the loop if `ATTRIBUTE_END` is being encountered so that reading stops.
> 
> Testing:
>  - [x] `test/jdk/tools/jimage` and `test/jdk/jdk/internal/jimage` tests.
>  - [x] Manual testing with a patched JDK to write non-zero bytes containing `ATTRIBUTE_END` into the jimage. Segfaults before, runs fine after.
>  - [x] GHA.
> 
> Thoughts?

This pull request has now been integrated.

Changeset: ee5f6e15
Author:    Severin Gehwolf <sgehwolf at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/ee5f6e156de0fd3d78adf60951866f43c492725b
Stats:     3 lines in 1 file changed: 3 ins; 0 del; 0 mod

8302337: JDK crashes if lib/modules contains non-zero byte containing ATTRIBUTE_END

Reviewed-by: stuefe, jlaskey, alanb

-------------

PR: https://git.openjdk.org/jdk/pull/12539


More information about the core-libs-dev mailing list