RFR: JDK-8298248: Limit sscanf output width in cgroup file parsers

David Holmes dholmes at openjdk.org
Wed Dec 7 09:22:08 UTC 2022


On Wed, 7 Dec 2022 07:50:20 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:

> Trivial.
> 
> GET_CONTAINER_INFO_CPTR should be called with limits for the output buffers. The usual 1K provided should be large enough normally. This just prevents intentionally malformed input from causing overwrites.

This doesn't give me a good feeling - the 1023 is 1024-1 but the two are completely independent as expressed. Ideally this would be handled inside the macro but that in turn passes things to `subsystem_file_line_contents` and so there is no easy way to express that the width limit is related to the `bufsize`. :(

So I reluctantly approve.

-------------

Marked as reviewed by dholmes (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11554
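
An added example, not part of this message and not HotSpot code, of two ways to tie the sscanf field width to the buffer size so the "1023" and the "1024" cannot drift apart. All macro and function names are hypothetical, and the 3000-character input line is constructed.

```c
#include <stdio.h>
#include <string.h>
/* All names here are hypothetical; this is not HotSpot code. */
#define VALUE_WIDTH 1023               /* most characters %s may store */
#define VALUE_BUFSZ (VALUE_WIDTH + 1)  /* plus the terminating NUL */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Compile-time: the width is stringified from the constant that sizes the buffer. */
static int parse_static(const char *line, char out[VALUE_BUFSZ]) {
    return sscanf(line, "%" STR(VALUE_WIDTH) "s", out) == 1 ? 0 : -1;
}

/* Run-time: build the format from the bufsize the caller actually passed. */
static int parse_dynamic(const char *line, char *out, size_t bufsize) {
    char fmt[32];
    if (bufsize < 2) return -1;                 /* no room for data + NUL */
    int n = snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1);
    if (n < 0 || (size_t)n >= sizeof fmt) return -1;
    return sscanf(line, fmt, out) == 1 ? 0 : -1;
}

/* Constructed input: a single token of n-1 characters, longer than either buffer. */
static void make_long_line(char *line, size_t n) {
    memset(line, 'A', n - 1);
    line[n - 1] = '\0';
}

static size_t demo_static_len(void) {
    char line[3001], out[VALUE_BUFSZ];
    make_long_line(line, sizeof line);
    return parse_static(line, out) == 0 ? strlen(out) : 0;
}

/* Returns the stored length, or 0 if the guard bytes after the buffer changed. */
static size_t demo_dynamic_len(void) {
    struct { char buf[16]; char guard[8]; } s;
    char line[3001];
    memset(s.guard, 0x5A, sizeof s.guard);
    make_long_line(line, sizeof line);
    if (parse_dynamic(line, s.buf, sizeof s.buf) != 0) return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return strlen(s.buf);
}

int main(void) {
    printf("static: %zu, dynamic: %zu\n", demo_static_len(), demo_dynamic_len());
    return 0; }
```

The run-time variant passes a non-literal format string to sscanf, which some compiler warning settings flag; the compile-time variant avoids that but only works when the size is a plain integer literal macro.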


More information about the hotspot-runtime-dev mailing list