RFR: 8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf [v3]

[Johan Sjölen]

On Wed, 20 Nov 2024 00:33:31 GMT, David Holmes <dholmes at openjdk.org> wrote:

>> This is mostly an audit of the callers of `Exceptions::fthrow` to ensure unbounded strings can't appear.
>> 
>> There is a code change in DiagnosticCmd parsing to extend the string length limit already used in part of that code.
>> 
>> Just to clarify the issue. The size 1024 is an internal buffer limit that `fthrow` uses - it is an implementation detail and not something the caller should think about. It is also not relevant to the underlying problem, which is the size of the buffer needed for the fully expanded format string, which `os::vsnprintf` will try to calculate and report. The intent is to check callers can't hit that underlying `vsnprintf` INT_MAX limit. When your format string only deals with a few symbols and symbols are always < 64K then we know we are nowhere near that INT_MAX limit. If your format string can take a potentially arbitrary (usually from outside) string then it needs to put its own size guard in place using `%*s`.
>> 
>> Testing:
>>  - tier 1-3 (sanity)
>> 
>> Thanks
>
> David Holmes has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
> 
>  - Merge branch 'master' into 8339134-fthrow
>  - Restore previous behaviour for zero length strings
>  - 8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf

OK, LGTM

-------------

Marked as reviewed by jsjolen (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/21867#pullrequestreview-2459486538