RFR (XS) 8011048 - reading from unmapped memory in UTF8::as_quoted_ascii()
Daniel D. Daugherty
daniel.daugherty at oracle.com
Mon Apr 1 06:02:53 PDT 2013
On 3/31/13 8:54 PM, Ioi Lam wrote:
> Please review a very small fix:
>
> http://cr.openjdk.java.net/~iklam/8011048/utf8_read_past_end_001/
> <http://cr.openjdk.java.net/%7Eiklam/8011048/utf8_read_past_end_001/>
Thumbs up.
The frames links are broken, but sdiffs worked.
You might try your next bug's webrev without the "./" prefix on
the changed file names; that might work.
src/share/vm/oops/symbol.cpp
src/share/vm/utilities/utf8.cpp
src/share/vm/utilities/utf8.hpp
No comments.
Dan
>
> Bug: Possible reading from unmapped memory in UTF8::as_quoted_ascii()
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8011048
> https://jbs.oracle.com/bugs/browse/JDK-8011048
>
> Summary of fix:
>
> The old code would read 1 byte past the end of the buffer with the
> "while (*p != '\0')" loop, because the UTF8 string embedded in a
> Symbol
> is not 0-terminated.
>
> The fix is to add a utf8_length parameter to UTF8::as_quoted_ascii().
>
> Tests:
>
> JPRT
> UTE (vm.runtime.testlist, vm.quick.testlist,
> vm.parallel_class_loading.testlist)
>
> Thanks
> - Ioi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/attachments/20130401/14d0881d/attachment.html
More information about the hotspot-runtime-dev
mailing list