Fix argument key not being freed in parse_options_for_restore()
Timofei Pushkin
pushkin.td at gmail.com
Mon Sep 25 08:06:37 UTC 2023
In `parse_options_for_restore()` there is a `get_key_value(tail, &key,
&value)` call [1] inside which the pointer stored into `key` may be
allocated in the heap [2], and it is assumed to be freed by the
caller. For example, this is how `get_key_value()` is used by
`add_property()`:
the `get_key_value()` call is [3] and the call that frees the key if
it was heap-allocated is [4].
So, I think the following patch should be applied to
`parse_options_for_restore()`: [5].
--- a/src/hotspot/share/runtime/arguments.cpp
+++ b/src/hotspot/share/runtime/arguments.cpp
@@ -2286,6 +2286,10 @@ bool Arguments::parse_options_for_restore(const
JavaVMInitArgs* args) {
get_key_value(tail, &key, &value);
if (strcmp(key, "sun.java.command") == 0) {
// ...
}
+
+ if (key != tail) {
+ FreeHeap(const_cast<char *>(key));
+ }
} else if (match_option(option, "-XX:", &tail)) { // -XX:xxxx
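Review bot: the added `if (key != tail) { FreeHeap(...); }` sits after the `if (strcmp(key, "sun.java.command") == 0) { // ... }` block, so any `return`, `break` or `continue` inside that elided body would bypass it and leak the key on that path; either confirm the body has no early exit, or release the key before the block is entered (value is already separate, so the key is only needed for the `strcmp`) or from a scope guard that runs on every path. A one-line comment saying that `key != tail` relies on `get_key_value()` aliasing `tail` when the option has no `=`, matching the free site in `add_property()` cited as [4], would also make the condition self-explanatory; and since the return value of `get_key_value(tail, &key, &value)` is ignored on the context line above, it is worth checking that `key` is always set when it reports failure, otherwise the `strcmp` reads an indeterminate pointer.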
[1] https://github.com/openjdk/crac/blob/8fcfc1120a32844bf6aafff5cf1d1a399e1feb44/src/hotspot/share/runtime/arguments.cpp#L2278
[2] https://github.com/openjdk/crac/blob/8fcfc1120a32844bf6aafff5cf1d1a399e1feb44/src/hotspot/share/runtime/arguments.cpp#L1254
[3] https://github.com/openjdk/crac/blob/8fcfc1120a32844bf6aafff5cf1d1a399e1feb44/src/hotspot/share/runtime/arguments.cpp#L1267
[4] https://github.com/openjdk/crac/blob/8fcfc1120a32844bf6aafff5cf1d1a399e1feb44/src/hotspot/share/runtime/arguments.cpp#L1329
[5] https://github.com/TimPushkin/crac/commit/4a76d20f945b0b069310cab291f6b1a102a6cfcd
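The ownership contract behind this patch, as an added example that is not code from the crac repository or from the post: a helper that returns either a pointer into its input (no `=` present) or a heap copy (an `=` present), a caller that must free only in the second case, and a scope guard that does so on every exit path, including an early `return` that a free placed after the `if` block would miss. `get_key_value`, `AllocateHeap` and `FreeHeap` here are simplified stand-ins modelled on the description above, not the HotSpot functions; the live-block counter and the option list are constructed for the demonstration.

```cpp
// Added example (not code from the crac repository): a reduced model of the
// ownership contract described in the post. get_key_value, AllocateHeap and
// FreeHeap are simplified stand-ins for the HotSpot helpers of the same name.
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Instrumentation: count live heap blocks so a leak is observable in a test.
static int g_live_heap_blocks = 0;

static char* AllocateHeap(size_t n) {
  ++g_live_heap_blocks;
  return static_cast<char*>(std::malloc(n));
}

static void FreeHeap(void* p) {
  if (p != nullptr) {
    --g_live_heap_blocks;
    std::free(p);
  }
}

int live_heap_blocks() { return g_live_heap_blocks; }

// Splits "key=value". Without '=', *key aliases str and *value is "".
// With '=', *key is a heap copy that the CALLER must free; *value points
// into str. Returns false only for a null input.
static bool get_key_value(const char* str, const char** key, const char** value) {
  if (str == nullptr) return false;
  const char* eq = std::strchr(str, '=');
  if (eq == nullptr) {
    *key = str;
    *value = "";
    return true;
  }
  size_t key_len = static_cast<size_t>(eq - str);
  char* tmp_key = AllocateHeap(key_len + 1);
  std::memcpy(tmp_key, str, key_len);
  tmp_key[key_len] = '\0';
  *key = tmp_key;
  *value = eq + 1;
  return true;
}

// Scope guard applying the same test as the patch (key != tail), but from a
// destructor, so every exit path out of the caller's block releases the copy.
struct KeyGuard {
  const char* key;
  const char* base;
  bool enabled;
  ~KeyGuard() {
    if (enabled && key != base) FreeHeap(const_cast<char*>(key));
  }
};

// Scans -D option tails such as "sun.java.command=Main arg" and returns the
// value of the first sun.java.command entry, or "" if there is none.
// free_key=false reproduces the pre-patch shape (every "k=v" leaks its key);
// free_key=true releases the key on every path, including the early return.
std::string java_command_of(const std::vector<std::string>& tails, bool free_key) {
  for (const std::string& tail_str : tails) {
    const char* tail = tail_str.c_str();
    const char* key = nullptr;
    const char* value = nullptr;
    if (!get_key_value(tail, &key, &value)) continue;
    KeyGuard guard{key, tail, free_key};
    if (std::strcmp(key, "sun.java.command") == 0) {
      return std::string(value);  // guard's destructor still frees key here
    }
  }
  return "";
}

int main() {
  // Constructed sample option tails, not taken from a real JVM invocation.
  const std::vector<std::string> tails = {
      "java.class.path=/tmp/app.jar", "nonkeyvalue",
      "sun.java.command=Main arg1", "user.dir=/tmp"};
  std::cout << "fixed: " << java_command_of(tails, true)
            << " live blocks=" << live_heap_blocks() << "\n";
  std::cout << "leaky: " << java_command_of(tails, false)
            << " live blocks=" << live_heap_blocks() << "\n";
  return 0;
}
```

With the guard enabled the live-block count returns to zero after the scan; with it disabled, each tail containing an `=` that was visited before the match leaves one block behind, which is the leak the patch fixes.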
More information about the crac-dev mailing list