RFR: 8296024: Usage of DIrectBuffer::address should be guarded [v9]
Per Minborg
pminborg at openjdk.org
Tue Nov 22 13:52:22 UTC 2022
On Tue, 22 Nov 2022 09:23:40 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:
>> Per Minborg has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Rework Acquisition
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 914:
>
>> 912: * If so, make a copy to put the dst data in.
>> 913: */
>> 914: @SuppressWarnings("try")
>
> After looking at the implementation some more, I'm not sure this need fixing? E.g. this method is just using the address to compute some overlap - and return a buffer sliced accordingly. There's no access to the buffer data (except for the last part which does a `put`). The access will fail if the session is closed from underneath. I don't think this can crash the VM (in fact this code did not have a reachability fence to begin with).
Well spotted. I will remove the guarding here.
-------------
PR: https://git.openjdk.org/jdk/pull/11260
More information about the security-dev
mailing list