RFR [XS]: 8235489: handle return values of sscanf calls in hotspot
Baesken, Matthias
matthias.baesken at sap.com
Tue Dec 10 11:22:40 UTC 2019
Hi Kim, in the sscanf call we read from array 'line'.
So I think an easy solution for the potential overflow issue is to make 'name' (at least) as large as 'line'.
Then we can safely use just %s.
New webrev:
http://cr.openjdk.java.net/~mbaesken/webrevs/8235489.3/
Best regards, Matthias
>
> > On Dec 9, 2019, at 3:30 PM, Kim Barrett <kim.barrett at oracle.com> wrote:
> >
> >> On Dec 9, 2019, at 6:22 AM, Baesken, Matthias <matthias.baesken at sap.com> wrote:
> >>
> >> Hi Kim, new webrev :
> >>
> >> http://cr.openjdk.java.net/~mbaesken/webrevs/8235489.2/
> >>
> >>
> >> regarding the initialization of "name" - this is indeed for lines without a
> >> name entry - those lines exist in /proc/self/maps.
> >> I adjusted the initialization following your recommendation (handle
> >> matches == 6).
> >>
> >> I also changed the unadorned "%s" to one with an int-stringsize-parameter.
> >
> > ------------------------------------------------------------------------------
> > src/hotspot/os/linux/os_linux.cpp
> > 2084 char name[4097]; // was PATH_MAX + 1
> >
> > Please stay with the original, using PATH_MAX + 1. I'm assuming this
> > change was so in the string parsing argument you could use "%4096s" to
> > limit the amount of data read into name. That can still be done with
> > the size of name being based on PATH_MAX by using a variable field
> > width for the string conversion, e.g. "%*s" with an argument of
> > PATH_MAX for the ("*") field width, before the name argument.
> >
> > ------------------------------------------------------------------------------
>
> Never mind. I forgot that the scanf family interprets “%*” as
> “assignment-suppression”.
>
> I think a better approach is to use a “%n” specifier to capture the number of
> characters consumed thus far, in an int variable. Something like (untested)
>
> int name_index;
> const char* name;
> matches = sscanf(line, "… %n", …, &name_index);
> if (matches != 6) continue;
> name = &line[name_index];
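
The `%n` approach suggested in the thread, written out as an added example (not code from the thread or from HotSpot). The full format string, the field widths, `struct map_entry` and `parse_maps_line` are assumptions, since the thread elides the format with "…"; the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one /proc/self/maps line (struct and function names are
 * hypothetical, chosen for this example). */
struct map_entry {
  unsigned long long base, top, offset;
  long long inode;
  char perms[5];     /* "%4s" stores at most 4 chars plus NUL */
  char device[8];    /* "%7s" stores at most 7 chars plus NUL */
  const char *name;  /* points into the caller's line buffer, may be "" */
};

/* Returns 1 on success, 0 if the six fixed fields did not all parse. */
int parse_maps_line(char *line, struct map_entry *e) {
  int name_index = -1;               /* stays -1 if %n is never reached */
  line[strcspn(line, "\n")] = '\0';  /* drop the trailing newline */
  int matches = sscanf(line, "%llx-%llx %4s %llx %7s %lld %n",
                       &e->base, &e->top, e->perms, &e->offset,
                       e->device, &e->inode, &name_index);
  /* %n does not count toward the return value, so 6 means "all fields". */
  if (matches != 6 || name_index < 0) return 0;
  e->name = &line[name_index];       /* no copy, so no destination to overflow */
  return 1;
}

int main(void) {
  /* Constructed sample lines, not taken from a real process. */
  char lines[][96] = {
    "7f00a000-7f00b000 r-xp 00001000 08:01 1234    /usr/lib/libexample.so\n",
    "7f00b000-7f00c000 rw-p 00000000 00:00 0\n",
    "7f00c000-7f00d000 r--p 00000000 08:01 99 /tmp/my file (deleted)\n",
    "not a maps line\n",
  };
  for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
    struct map_entry e;
    if (parse_maps_line(lines[i], &e))
      printf("%llx-%llx %s name=\"%s\"\n", e.base, e.top, e.perms, e.name);
    else
      printf("skipped line %zu\n", i);
  }
  return 0;
}
```

Because the name is simply the rest of the line, a path containing spaces is kept whole, where a `%s` conversion would stop at the first space.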