review (XS) for 6765546: Wrong sscanf used to parse CompilerOracle command >= 32 characters could lead to crash

Igor Veresov igor.veresov at oracle.com
Tue Dec 14 15:54:56 PST 2010


Looks good!

May I also suggest piggybacking that on this change:

@@ -489,7 +489,7 @@ void CompilerOracle::parse_from_line(cha
      line += bytes_read;
      // there might be a signature following the method.
      // signatures always begin with ( so match that by hand
-    if (1 == sscanf(line, "%*[ \t](%254[);/" RANGEBASE "]%n", sig + 1, 
&bytes_read)) {
+    if (1 == sscanf(line, "%*[ \t](%254[[);/" RANGEBASE "]%n", sig + 1, 
&bytes_read)) {
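Review bot: on the changed sscanf line, `%254[` stores up to 254 characters plus a terminating NUL starting at `sig + 1`, so `sig` must be at least 256 bytes, and its declaration is not visible in this hunk. Since 6765546 is about a sscanf buffer too short to hold the terminator, it is worth confirming that size before widening the accepted character set here. The comment above the call could also note that `[` is now accepted so that array types in a signature match.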

This basically makes it accept signatures with arrays.

Thanks,
igor

On 12/14/10 3:30 PM, Tom Rodriguez wrote:
> http://cr.openjdk.java.net/~never/6765546
>
> 6765546: Wrong sscanf used to parse CompilerOracle command >= 32 characters could lead to crash
> Reviewed-by:
>
> The buffer for a sscanf isn't long enough to include the null
> termination and we're missing a check for unknown commands.  Tested
> with various command lines.


