RFR: 8368097: [asan] heap-buffer-overflow reported in ClassFileParser::skip_over_field_signature [v2]

David Holmes dholmes at openjdk.org
Fri Oct 3 11:41:46 UTC 2025


On Thu, 2 Oct 2025 11:56:45 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:

>> Hi,
>> 
>> `skip_over_field_name` may produce a pointer which is exactly one `char` out of bounds, which is then dereferenced by `skip_over_field_signature` when it looks for a semi-colon. This causes an out-of-bounds read, which ASAN caught. The fix is to check whether it's OK to dereference `p` or not.
>> 
>> We keep the semantics the same other than that, so `skip_over_field_signature` and `skip_over_field_name` can both return a pointer which is one past the valid memory range. Creating such a pointer is explicitly not UB, but dereferencing it is.
>
> Johan Sjölen has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update src/hotspot/share/classfile/classFileParser.cpp
>   
>   Co-authored-by: David Holmes <62092539+dholmes-ora at users.noreply.github.com>

Marked as reviewed by dholmes (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/27528#pullrequestreview-3298563138
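The pointer discipline Johan describes (a skip function may legitimately return a pointer equal to the end of the range, and the caller must bounds-check before dereferencing it) is easy to get wrong. The following is an added example, not HotSpot's code and not the patch under review: a simplified, length-delimited field-descriptor scanner that reuses the page's function names but with assumed `(begin, end)` pointer parameters, showing the unchecked `';'` test beside the checked one. Inputs are constructed.

```cpp
#include <cstddef>
#include <cstring>

// Added example (not HotSpot code): a simplified field-descriptor scanner over a
// length-delimited byte range [sig, end). Descriptor shapes follow the JVM spec:
//   primitives: B C D F I J S Z
//   object:     L<name>;
//   array:      [<descriptor>

// Advances over the characters of a class name, stopping at ';' or at `end`.
// The returned pointer may equal `end`: forming it is legal, dereferencing it is not.
static const char* skip_over_field_name(const char* p, const char* end) {
    while (p < end && *p != ';') {
        ++p;
    }
    return p;
}

static bool is_primitive_tag(char c) {
    // strchr would match the terminating NUL, so exclude it explicitly.
    return c != '\0' && std::strchr("BCDFIJSZ", c) != nullptr;
}

// Vulnerable shape: after skipping the name, the ';' test dereferences `p`
// without first checking `p < end`. On a truncated descriptor such as
// "Ljava/lang/String" (no ';' before the end of the buffer) this reads one
// byte past the range, which is the class of bug ASan reports as a
// heap-buffer-overflow. Kept only to show the defect.
static const char* skip_over_field_signature_unchecked(const char* sig, const char* end) {
    if (sig >= end) return nullptr;
    switch (*sig) {
        case 'L': {
            const char* p = skip_over_field_name(sig + 1, end);
            if (*p == ';') {                 // BUG: p may equal end here
                return p + 1;
            }
            return nullptr;
        }
        case '[':
            return skip_over_field_signature_unchecked(sig + 1, end);
        default:
            return is_primitive_tag(*sig) ? sig + 1 : nullptr;
    }
}

// Fixed shape: dereference `p` only after proving it lies inside the range.
// Also rejects an empty class name ("L;"), which the JVM spec does not allow.
static const char* skip_over_field_signature(const char* sig, const char* end) {
    if (sig >= end) return nullptr;
    switch (*sig) {
        case 'L': {
            const char* p = skip_over_field_name(sig + 1, end);
            if (p > sig + 1 && p < end && *p == ';') {
                return p + 1;                // may equal end; caller must not deref
            }
            return nullptr;
        }
        case '[':
            return skip_over_field_signature(sig + 1, end);
        default:
            return is_primitive_tag(*sig) ? sig + 1 : nullptr;
    }
}

// True iff [data, data + len) is exactly one well-formed field descriptor.
static bool is_valid_field_descriptor(const char* data, size_t len) {
    const char* end = data + len;
    return skip_over_field_signature(data, end) == end;
}

int main() {
    // Constructed inputs; sizeof - 1 drops the NUL so the range really ends
    // at the last descriptor character, as it would inside a class file buffer.
    static const char ok[] = "Ljava/lang/String;";
    static const char truncated[] = "Ljava/lang/String";
    bool good = is_valid_field_descriptor(ok, sizeof(ok) - 1) &&
                !is_valid_field_descriptor(truncated, sizeof(truncated) - 1);
    return good ? 0 : 1;
}
```

The checked version keeps the same contract as the page describes: both functions may still return a pointer one past the range, which is fine to form and compare, but every `*p` now sits behind a `p < end` test.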


More information about the hotspot-runtime-dev mailing list