RFR: 8368097: [asan] heap-buffer-overflow reported in ClassFileParser::skip_over_field_signature

Johan Sjölen jsjolen at openjdk.org
Tue Sep 30 08:31:52 UTC 2025


Hi,

`skip_over_field_name` may produce a pointer which is exactly one `char` out of bounds, which is then dereferenced by `skip_over_field_signature` when it looks for a semi-colon. This causes an out-of-bounds read, which ASAN caught. The fix is to check whether it's OK to dereference `p` or not.

We keep the semantics the same other than that, so `skip_over_field_signature` and `skip_over_field_name` can both return a pointer which is one past the valid memory range. Creating such a pointer is explicitly not UB, but dereferencing it is.

-------------

Commit messages:
 - Gotta cast
 - Change, add assertion
 - Fix
 - Check whether the next character is in bounds

Changes: https://git.openjdk.org/jdk/pull/27528/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27528&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8368097
  Stats: 7 lines in 1 file changed: 4 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/27528.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27528/head:pull/27528

PR: https://git.openjdk.org/jdk/pull/27528

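As an added illustration of the fix described in this RFR (my own simplified code, not the JDK's `ClassFileParser`): a field-descriptor walker in which the class-name skip can legitimately return a pointer equal to `end`, and the semicolon check tests `p < end` before dereferencing it. Both function bodies are hypothetical simplifications of the HotSpot helpers they are named after.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical, simplified analogue of HotSpot's skip_over_field_name (not the
 * JDK's code): advance over a class-name segment. The returned pointer may be
 * exactly `end`; creating it is fine, dereferencing it is the bug. */
static const char* skip_over_field_name(const char* p, const char* end) {
    while (p < end && *p != ';' && *p != '.' && *p != '[') {
        p++;
    }
    return p;
}

/* Simplified field-descriptor walker with the bounds check in place. Returns a
 * pointer one past a valid descriptor, or NULL if the descriptor is malformed. */
static const char* skip_over_field_signature(const char* p, const char* end) {
    while (p < end) {
        switch (*p) {
            case 'B': case 'C': case 'D': case 'F':
            case 'I': case 'J': case 'S': case 'Z':
                return p + 1;                 /* primitive type */
            case '[':
                p++;                          /* array dimension, then element type */
                break;
            case 'L': {
                const char* name = p + 1;
                p = skip_over_field_name(name, end);
                /* `p` may now equal `end`: an unchecked `*p == ';'` here is the
                 * out-of-bounds read; test `p < end` before dereferencing. */
                if (p != name && p < end && *p == ';') {
                    return p + 1;
                }
                return NULL;                  /* empty or unterminated class name */
            }
            default:
                return NULL;                  /* not a descriptor character */
        }
    }
    return NULL;                              /* ran off the end, e.g. "[" alone */
}

/* Validate a descriptor held in a buffer of `len` bytes (not NUL-terminated). */
bool valid_field_descriptor(const char* buf, size_t len) {
    const char* end = buf + len;
    const char* p = skip_over_field_signature(buf, end);
    return p != NULL && p == end;
}
```

Passing `"Ljava/lang/String"` with length 17 (the `;` cut off) exercises the case from the report: the name skip stops at `end`, and the check rejects the descriptor without reading the byte past it.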
