RFR: 8298267: Too many conversion specifiers in CgroupV1Subsystem::pids_max_val

Severin Gehwolf sgehwolf at openjdk.org
Wed Dec 7 13:34:45 UTC 2022


On Wed, 7 Dec 2022 12:40:13 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:

> Trivial fix.
> 
> This code:
> 
> ```c++
>   GET_CONTAINER_INFO_CPTR(cptr, _pids, "/pids.max",
>                      "Maximum number of tasks is: %s", "%s %*d", pidsmax, 1024);
> ```
> 
> Expands to this call:
> 
> ```c++
>     // matchline = NULL
>     err = subsystem_file_line_contents(_pids, "/pids.max", NULL, "%s %*d", pidsmax);
> ```
> 
> Which in turn hits this branch:
> 
> ```c++
>       if (matchline == NULL) {
>         // single-line file case
>         int matched = sscanf(p, scan_fmt, returnval);
>         found_match = (matched == 1);
>       }
> ```
> 
> Now we're calling `sscanf()` with `scan_fmt = "%s %*d"`, this is undefined behavior as the number of conversion specifiers is larger than the number of pointers provided.
> 
> This is the correct fix, because the file `pids.max` only contains a number. This is supported by:
> 
> 1. Checking my own `pids.max` and
> 2. This [documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/pids.txt) suggests that it only consists of a number by recommending altering the file through `echo 2 > /sys/fs/cgroup/pids/parent/pids.max`

From the `sscanf` man page:


       •      An optional '*' assignment-suppression character: scanf() reads input as directed by the conversion specification, but discards the input. No corresponding pointer argument is required, and this specification is not included in the count of successful assignments returned by scanf().


So in this case the `%*d` is being discarded, not requiring a pointer argument, no?

-------------

PR: https://git.openjdk.org/jdk/pull/11557
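
The assignment-suppression behaviour from the man page excerpt can be checked directly. The following is an added example, not part of the original message or the JDK sources; the function names, the `%n` variant and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format quoted in the thread: one assigning conversion (%s), one suppressed
 * (%*d). Exactly one pointer argument is passed. `out` must hold 1024 bytes,
 * as in the quoted macro call; the constructed inputs below are far shorter. */
static int scan_with_suppressed(const char *line, char *out) {
    return sscanf(line, "%s %*d", out);
}

/* Same input handled with a bare "%s" (assumed here for comparison). */
static int scan_plain(const char *line, char *out) {
    return sscanf(line, "%s", out);
}

/* %n appended (an addition for this example) to record how many characters
 * were consumed; %n does not count as an assignment either. It is only
 * reached when the suppressed %*d actually matches a number. */
static int scan_report_consumed(const char *line, char *out, int *consumed) {
    *consumed = -1;
    return sscanf(line, "%s %*d%n", out, consumed);
}

int main(void) {
    /* Constructed samples of single-line pids.max content. */
    const char *samples[] = { "max\n", "4194304\n", "max 42 rest\n" };
    char a[1024], b[1024], c[1024];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int consumed;
        int r1 = scan_with_suppressed(samples[i], a);
        int r2 = scan_plain(samples[i], b);
        int r3 = scan_report_consumed(samples[i], c, &consumed);
        printf("%-14.*s suppressed=%d (%s) plain=%d (%s) consumed=%d (ret %d)\n",
               (int)strcspn(samples[i], "\n"), samples[i], r1, a, r2, b, consumed, r3);
    }
    return 0;
}
```

For single-value input both formats return 1 and store the same token, so the `matched == 1` check in the quoted branch gives the same result with either format.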

