RFR: 8259070: Add jcmd option to dump CDS
Ioi Lam
iklam at openjdk.java.net
Sat Feb 27 18:14:40 UTC 2021
On Sat, 27 Feb 2021 05:19:01 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> src/hotspot/share/memory/metaspaceShared.cpp line 799:
>>
>>> 797: if (strstr(file_name, ".jsa") == nullptr) {
>>> 798: os::snprintf(filename, sizeof(filename), "%s.jsa", file_name);
>>> 799: file = filename;
>>
>> This could potentially overflow the buffer. I think it's best to just leave `file_name` alone. If the user doesn't want the `.jsa` extension, that's fine. Similarly, we don't add `.jsa` to `-XX:ArchiveClassesAtExit` or `-XX:SharedArchiveFile`.
>
> How would it overflow? But I agree, I would not add jsa extension if the user did not specify one. I dislike when programs do that.
`file_name` is user input that comes from the jcmd, so it can be arbitrarily long and exceed JVM_MAXPATHLEN characters.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2737
More information about the serviceability-dev
mailing list