Integrated: 8329961: Buffer overflow in os::Linux::kernel_version
Johan Sjölen
jsjolen at openjdk.org
Wed Apr 10 15:19:13 UTC 2024
On Tue, 9 Apr 2024 13:44:46 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:
> Hi,
>
> There was a bug in the original implementation of `os::Linux::kernel_version` which this PR fixes. Namely, the comparison `walker != nullptr` is wrong, the intended comparison was `*walker != '\0'` or `walker[0] != '\0'`. This means that if a bad/unexpected version string is encountered the `walker` would read past the string.
>
> We fix this by applying the correct comparison and adding some basic tests.
>
> @luhenry , @robehn. You attempted to create automatic backport branches on this in the original PR, can you check whether this fix also needs to be backported to the mentioned versions? The original PR link is this: https://github.com/openjdk/jdk/pull/17889
This pull request has now been integrated.
Changeset: 279ed0dd
Author: Johan Sjölen <jsjolen at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/279ed0ddd505fb3052b818f755b4b220ed5557e6
Stats: 10 lines in 1 file changed: 0 ins; 7 del; 3 mod
8329961: Buffer overflow in os::Linux::kernel_version
Reviewed-by: rehn, stuefe
-------------
PR: https://git.openjdk.org/jdk/pull/18697
More information about the hotspot-runtime-dev
mailing list