# HG changeset patch
# User apangin
# Date 1280978702 25200
# Node ID 7718201e668f6ea82eb20c8bb40705763d5dbc77
# Parent 91f1c55cf47ecb782e328ab42d4aece52ba0971e
6945961: SIGSEGV in memcpy() during class loading on linux-i586
Summary: Check the result of strchr() in Bytecode Verifier
Reviewed-by: kamg, acorn

diff -r 91f1c55cf47e -r 7718201e668f jdk/src/share/native/common/check_code.c
--- a/jdk/src/share/native/common/check_code.c	Tue Aug 03 12:22:49 2010 -0700
+++ b/jdk/src/share/native/common/check_code.c	Wed Aug 04 20:25:02 2010 -0700
@@ -2730,7 +2730,10 @@
                      operand);
     const char *result_signature;
     check_and_push(context, signature, VM_STRING_UTF);
-    result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC) + 1;
+    result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
+    if (result_signature++ == NULL) {
+        CCerror(context, "Illegal signature %s", signature);
+    }
     if (result_signature[0] == JVM_SIGNATURE_VOID) {
         stack_results = "";
     } else {
@@ -3654,14 +3657,13 @@
                                   const char **signature_p,
                                   fullinfo_type *full_info_p)
 {
     const char *p = *signature_p;
-    fullinfo_type full_info = MAKE_FULLINFO(0, 0, 0);
+    fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
     char result;
     int array_depth = 0;
 
     for (;;) {
         switch(*p++) {
           default:
-            full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
             result = 0;
             break;
@@ -3714,7 +3716,14 @@
             char buffer_space[256];
             char *buffer = buffer_space;
             char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
-            int length = finish - p;
+            int length;
+            if (finish == NULL) {
+                /* Signature must have ';' after the class name.
+                 * If it does not, return 0 and ITEM_Bogus in full_info. */
+                result = 0;
+                break;
+            }
+            length = finish - p;
             if (length + 1 > (int)sizeof(buffer_space)) {
                 buffer = malloc(length + 1);
                 check_and_push(context, buffer, VM_MALLOC_BLK);
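Review bot: `if (result_signature++ == NULL)` advances the pointer before the NULL test is evaluated, so on a signature with no ')' it forms NULL + 1 — arithmetic on a null pointer is undefined in C even when the result is never dereferenced, and the post-increment buried in the condition hides what the line is for. Separate the check from the advance: `if (result_signature == NULL) {` … `}` followed by `result_signature++;` after the closing brace. The next line `result_signature[0]` also assumes CCerror never returns to this point; if that holds it is worth a comment on the call, because a returning CCerror would leave the malformed-signature path indexing a null pointer. The enclosing function starts and ends outside this hunk.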
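Review bot: Now that the `default:` case no longer assigns `full_info`, the initializer on `fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);` carries the meaning for every path that sets `result` without touching `full_info`, but nothing says so at the declaration. A one-line comment there, `/* ITEM_Bogus unless a recognised type character below overrides it */`, makes that contract visible to anyone adding a new case. The rest of signature_to_fieldtype, including where `*signature_p` and `*full_info_p` are written back, is outside this hunk.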
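Review bot: The new `finish == NULL` branch promises in its comment that it returns ITEM_Bogus in `full_info`, but the branch itself never assigns it; it depends on the initializer changed in the earlier hunk at line 3657, so the two hunks are coupled and a later edit to that initializer would silently break this comment. Assigning it locally, `full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);` before `result = 0;`, keeps the error path self-contained. The check itself is the right fix for the crash in the title: with `finish` possibly NULL, `finish - p` produced a huge negative `length` that then reached malloc and memcpy; now `length` is a bounded non-negative value whenever it is computed. Note that `p` has already been advanced past the class tag when this branch breaks, and what the caller sees in `*signature_p` is decided outside the hunk.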