RFR: 8368097: [asan] heap-buffer-overflow reported in ClassFileParser::skip_over_field_signature
Matthias Baesken
mbaesken at openjdk.org
Tue Sep 30 14:27:22 UTC 2025
On Fri, 26 Sep 2025 12:59:56 GMT, Johan Sjölen <jsjolen at openjdk.org> wrote:
> Hi,
>
> `skip_over_field_name` may produce a pointer which is exactly one `char` of bounds, which is the dereferenced by `skip_over_field_signature` when it looks for a semi-colon. This causes an out-of-bounds read, which ASAN caught. The fix is to check whether it's OK to dereference `p` or not.
>
> We keep the semantics the same other than that, so `skip_over_field_signature` and `skip_over_field_name` can both return a pointer which is one past the valid memory range. Creating such a pointer is explicitly not UB, but dereferencing it is.
Looks good, and I tested your patch with asan enabled and the issue is gone (used the test described in the JBS bug).
-------------
Marked as reviewed by mbaesken (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/27528#pullrequestreview-3285226641
More information about the hotspot-runtime-dev
mailing list