Integrated: 8368097: [asan] heap-buffer-overflow reported in ClassFileParser::skip_over_field_signature

Johan Sjölen jsjolen at openjdk.org
Mon Oct 6 07:52:08 UTC 2025


On Fri, 26 Sep 2025 12:59:56 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:

> Hi,
> 
> `skip_over_field_name` may produce a pointer which is exactly one `char` out of bounds, which is then dereferenced by `skip_over_field_signature` when it looks for a semi-colon. This causes an out-of-bounds read, which ASAN caught. The fix is to check whether it's OK to dereference `p` or not.
> 
> We keep the semantics the same other than that, so `skip_over_field_signature` and `skip_over_field_name` can both return a pointer which is one past the valid memory range. Creating such a pointer is explicitly not UB, but dereferencing it is.

This pull request has now been integrated.

Changeset: 069c569a
Author:    Johan Sjölen <jsjolen at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/069c569a710f50bc715f523c6c4c7aa087694af6
Stats:     7 lines in 1 file changed: 4 ins; 0 del; 3 mod

8368097: [asan] heap-buffer-overflow reported in ClassFileParser::skip_over_field_signature

Reviewed-by: dholmes, mbaesken

-------------

PR: https://git.openjdk.org/jdk/pull/27528
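The pattern described in the PR text above, as an added illustration that is not HotSpot's code and not the changeset linked here: a small field-descriptor skipper over a length-delimited buffer, where the name-skipping helper may legitimately return a one-past-the-end pointer and the signature skipper must guard every dereference with a `p < end` check before looking for the terminating `;`. The descriptor grammar, the function names and the `would_overread` helper are all assumptions of this example, simplified from the JVMS field-descriptor format, not the parser's actual API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added illustration, not HotSpot's code. Simplified field descriptors:
 * one of B C D F I J S Z, or 'L' <name> ';', optionally prefixed by '['.
 * The buffer is [p, end); `end` may be formed but must never be read.
 */

/* Advance past class-name bytes starting at p. Like the helper described
 * in the PR text, this may return `end`: a one-past-the-end pointer that is
 * legal to create but not to dereference. */
static const char *skip_over_name(const char *p, const char *end) {
    while (p < end && *p != ';')
        p++;
    return p;
}

/* Hardened skipper: every dereference of p is guarded by p < end.
 * Returns a pointer past the descriptor, or NULL if it is malformed
 * or runs off the end of the buffer. */
static const char *skip_over_field_signature(const char *p, const char *end) {
    while (p < end && *p == '[')
        p++;
    if (p >= end)
        return NULL;
    switch (*p) {
    case 'B': case 'C': case 'D': case 'F':
    case 'I': case 'J': case 'S': case 'Z':
        return p + 1;
    case 'L': {
        const char *name = p + 1;
        p = skip_over_name(name, end);
        if (p == name)
            return NULL;            /* empty class name */
        /* The fix: confirm p is dereferenceable before testing for ';'.
         * An unguarded `*p == ';'` reads one byte past the buffer whenever
         * the name runs right up to `end` with no terminator. */
        if (p < end && *p == ';')
            return p + 1;
        return NULL;
    }
    default:
        return NULL;
    }
}

/* Reports whether an unguarded `*p == ';'` after skip_over_name would
 * have dereferenced `end` for this input. This shows the trigger condition
 * without performing the out-of-bounds read itself. */
static bool would_overread(const char *buf, size_t len) {
    const char *p = buf, *end = buf + len;
    while (p < end && *p == '[')
        p++;
    if (p >= end || *p != 'L')
        return false;
    return skip_over_name(p + 1, end) == end;
}

/* Validate a whole descriptor held in a len-byte buffer (no NUL needed). */
static bool valid_field_descriptor(const char *buf, size_t len) {
    const char *r = skip_over_field_signature(buf, buf + len);
    return r != NULL && r == buf + len;
}

int main(void) {
    /* Constructed inputs: the second one ends exactly after the name. */
    const char good[] = "Ljava/lang/String;";
    const char truncated[] = "Ljava/lang/String";
    printf("good: valid=%d overread=%d\n",
           valid_field_descriptor(good, sizeof good - 1),
           would_overread(good, sizeof good - 1));
    printf("truncated: valid=%d overread=%d\n",
           valid_field_descriptor(truncated, sizeof truncated - 1),
           would_overread(truncated, sizeof truncated - 1));
    return 0;
}
```

The truncated descriptor is the interesting case: the name helper returns `end`, and only the `p < end` guard keeps the semicolon check from reading the byte after the buffer, which is exactly what ASan flags as a heap-buffer-overflow when the buffer is heap-allocated.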

