RFR: 8275846: read_base_archive_name() could read past the end of buffer
Ioi Lam
iklam at openjdk.java.net
Sat Nov 6 06:56:35 UTC 2021
On Sat, 6 Nov 2021 05:53:00 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> Please review this small fix for an intermittent crash in `FileHeaderHelper::read_base_archive_name()`. The crash happens if a string stored inside a CDS dynamic archive is not zero-terminated.
>>
>> The fix is to check for zero-termination, and that the actual string length matches with the recorded length.
>>
>> This fix was authored by @yqi in PR #5997, but that PR may take longer to integrate than expected. So let's fix the crash first.
>
> src/hotspot/share/cds/filemap.cpp line 1086:
>
>> 1084: }
>> 1085:
>> 1086: char* read_base_archive_name() {
>
> Why did you change the prototype? Seemed alright to me before, but may be a matter of taste.
I think it's better to tighten up the API, so you don't need to worry about things like -- what value will be contained in *target if the function returns false?
-------------
PR: https://git.openjdk.java.net/jdk/pull/6285
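
The check described in the review request (the string is zero-terminated and its actual length matches the recorded length), combined with the pointer-returning prototype discussed in the reply, as an added example that is not the HotSpot patch. The function name `read_name_checked` and the buffer layout (a name at `offset` whose `recorded_size` counts the terminating NUL) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical helper, not HotSpot code. `buf` holds `buf_size` bytes read
// from a file. The header claims a name starts at `offset` and occupies
// `recorded_size` bytes, terminating NUL included (assumed layout).
// Returns a malloc'ed copy of the name, or nullptr if any check fails, so
// the caller never has to reason about a half-written out-parameter.
char* read_name_checked(const char* buf, size_t buf_size,
                        size_t offset, size_t recorded_size) {
  // The recorded region must be non-empty and lie entirely inside the
  // buffer. Written as a subtraction so offset + size cannot wrap around.
  if (recorded_size == 0 || offset > buf_size ||
      recorded_size > buf_size - offset) {
    return nullptr;
  }
  const char* name = buf + offset;
  // Bounded scan for the first NUL: never reads past the recorded region,
  // unlike strlen() on data that may lack a terminator.
  const char* nul =
      static_cast<const char*>(std::memchr(name, '\0', recorded_size));
  if (nul == nullptr) {
    return nullptr;  // not zero-terminated within the recorded size
  }
  if (nul != name + recorded_size - 1) {
    return nullptr;  // actual length differs from the recorded length
  }
  char* copy = static_cast<char*>(std::malloc(recorded_size));
  if (copy != nullptr) {
    std::memcpy(copy, name, recorded_size);
  }
  return copy;
}

int main() {
  // Constructed sample: 2 bytes of padding, "base\0", 1 trailing byte.
  const char data[] = {'X', 'X', 'b', 'a', 's', 'e', '\0', 'Y'};
  const size_t sizes[] = {5, 4, 6};  // correct, unterminated, too long
  for (size_t s : sizes) {
    char* n = read_name_checked(data, sizeof(data), 2, s);
    std::printf("recorded_size=%zu -> %s\n", s, n ? n : "(rejected)");
    std::free(n);
  }
  return 0;
}
```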