RFR: 8329961: Buffer overflow in os::Linux::kernel_version [v3]
Thomas Stuefe
stuefe at openjdk.org
Tue Apr 9 14:53:11 UTC 2024
On Tue, 9 Apr 2024 14:06:47 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:
>> Hi,
>>
>> There was a bug in the original implementation of `os::Linux::kernel_version` which this PR fixes. Namely, the comparison `walker != nullptr` is wrong, the intended comparison was `*walker != '\0'` or `walker[0] != '\0'`. This means that if a bad/unexpected version string is encountered the `walker` would read past the string.
>>
>> We fix this by applying the correct comparison and adding some basic tests.
>>
>> @luhenry , @robehn. You attempted to create automatic backport branches on this in the original PR, can you check whether this fix also needs to be backported to the mentioned versions? The original PR link is this: https://github.com/openjdk/jdk/pull/17889
>
> Johan Sjölen has updated the pull request incrementally with two additional commits since the last revision:
>
> - Must be VM test
> - Update test once more
Hmm, wouldn't sscanf be simpler and safer? No need to factor out the parser. IMHO no need to even add a gtest since parsing would be really simple and not loop based. E.g.

    if (sscanf(release, "%d.%d", &major, &minor) != 2) {
      log_warning blabla
    }

As a bonus, you avoid accidental conversion from hex numbers and such that strtol provides and that we don't really want here.
-------------
PR Review: https://git.openjdk.org/jdk/pull/18697#pullrequestreview-1989241590
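Added example (not part of the original message and not the JDK's own code): the loop-based scan with the corrected `*walker != '\0'` test next to the sscanf variant suggested above, run over constructed release strings. The function names, the -1 "not found" convention and the base-10 strtol call are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstdio>
#include <cstdlib>

// Loop-based scan with the corrected termination test from the PR
// description: stop at the terminating '\0', not on a null pointer.
static void parse_with_loop(const char* release, long* major, long* minor) {
  *major = -1;
  *minor = -1;
  const char* walker = release;
  long* target = major;
  // `walker != nullptr` never becomes false for a valid pointer, so a string
  // holding fewer than two numbers would be read past its end.
  while (*minor == -1 && *walker != '\0') {
    if (std::isdigit(static_cast<unsigned char>(*walker))) {
      char* end = nullptr;
      *target = std::strtol(walker, &end, 10);  // base 10 is an assumption
      walker = end;
      target = minor;
    } else {
      ++walker;
    }
  }
}

// sscanf-based variant: no loop, and both fields must appear as
// "<int>.<int>" at the start of the string or the input is rejected.
static bool parse_with_sscanf(const char* release, long* major, long* minor) {
  int ma = 0, mi = 0;
  *major = -1;
  *minor = -1;
  if (std::sscanf(release, "%d.%d", &ma, &mi) != 2) {
    return false;
  }
  *major = ma;
  *minor = mi;
  return true;
}

int main() {
  // Constructed sample strings, not taken from a real system.
  const char* samples[] = {"6.5.0-27-generic", "5.15", "6", "garbage", "", "0x10.2"};
  for (const char* s : samples) {
    long a, b, c, d;
    parse_with_loop(s, &a, &b);
    bool ok = parse_with_sscanf(s, &c, &d);
    std::printf("%-18s loop=%ld.%ld sscanf=%s\n", s, a, b, ok ? "ok" : "rejected");
    (void)c; (void)d;
  }
  return 0;
}
```

On the constructed input "0x10.2" the loop variant skips the non-digit characters and yields 0 and 10, while the sscanf variant rejects the string outright.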