RFR: JDK-8298248: Limit sscanf output width in cgroup file parsers
Johan Sjölen
jsjolen at openjdk.org
Wed Dec 7 12:51:56 UTC 2022
On Wed, 7 Dec 2022 07:50:20 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
> Trivial.
>
> GET_CONTAINER_INFO_CPTR should be called with limits for the output buffers. The usual 1K provided should be large enough normally. This just prevents intentionally malformed input from causing overwriters.
This doesn't look right at all from the beginning.. Look at this PR I just created: https://github.com/openjdk/jdk/pull/11557
OK, I was a bit too quick. Yes, this is correct, except for the last line:
> "Maximum number of tasks is: %s", "%1023s %*d", pidsmax, 1024);
Where the bug is the same as in the PR I just created.
-------------
PR: https://git.openjdk.org/jdk/pull/11554
More information about the hotspot-runtime-dev
mailing list