RFR: 8247732: validate user-input intrinsic_ids in ControlIntrinsic
Xin Liu
xliu at openjdk.java.net
Sat Nov 21 09:30:15 UTC 2020
On Fri, 20 Nov 2020 08:48:28 GMT, Nils Eliasson <neliasso at openjdk.org> wrote:
>> 8247732: validate user-input intrinsic_ids in ControlIntrinsic
>
> src/hotspot/share/compiler/compilerDirectives.hpp line 198:
>
>> 196: if (vmIntrinsics::_none == vmIntrinsics::find_id(*iter)) {
>> 197: _bad = NEW_C_HEAP_ARRAY(char, strlen(*iter) + 1, mtCompiler);
>> 198: strncpy(_bad, *iter, strlen(*iter) + 1);
>
> This doesn't compile. Using strlen as an argument to strncpy is disallowed.
>
>> "warning: 'char* __builtin_strncpy(char*, const char*, long unsigned int)' specified bound depends on the length of the source argument [-Wstringop-overflow=]"
>
> Do a min between strlen and the maximum allowed length.
>
> Fix this for both uses of the string length (row 197 and 198).
Out of curiosity, what kind of gcc do you use? I am using gcc/g++-8.4.0 and I do append `--with-extra-cxxflags='-Wstringop-overflow -Wstringop-truncation'`, why can't I trigger this warning?
I read this. https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
let me try to fix it by replacing strncpy with strcpy.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1179
More information about the hotspot-compiler-dev
mailing list