8170981: Possible access to char array with negative index
authorlucy
Thu, 22 Dec 2016 15:01:20 -0600
changeset 43404 c37afe5dc3a4
parent 43403 9a09e7b9f0e1
child 43405 1fab8e6866d7
8170981: Possible access to char array with negative index Summary: Check arithmetic before trying to access array by index. Reviewed-by: rprotacio, dholmes, gziemski
hotspot/src/share/vm/runtime/globals.cpp
--- a/hotspot/src/share/vm/runtime/globals.cpp	Thu Dec 22 10:17:18 2016 +0000
+++ b/hotspot/src/share/vm/runtime/globals.cpp	Thu Dec 22 15:01:20 2016 -0600
@@ -469,14 +469,18 @@
   }
 
   if (!printRanges) {
+    // Use some named constants to make code more readable.
+    const unsigned int nSpaces    = 10;
+    const unsigned int maxFlagLen = 40 + nSpaces;
+
     // The print below assumes that the flag name is 40 characters or less.
     // This works for most flags, but there are exceptions. Our longest flag
     // name right now is UseAdaptiveGenerationSizePolicyAtMajorCollection and
     // its minor collection buddy. These are 48 characters. We use a buffer of
-    // 10 spaces below to adjust the space between the flag value and the
+    // nSpaces spaces below to adjust the space between the flag value and the
     // column of flag type and origin that is printed in the end of the line.
-    char spaces[10 + 1] = "          ";
-    st->print("%9s %-40s = ", _type, _name);
+    char spaces[nSpaces + 1] = "          ";
+    st->print("%9s %-*s = ", _type, maxFlagLen-nSpaces, _name);
 
     if (is_bool()) {
       st->print("%-20s", get_bool() ? "true" : "false");
@@ -509,9 +513,12 @@
       }
       else st->print("%-20s", "");
     }
-    assert(strlen(_name) < 50, "Flag name is longer than expected");
-    spaces[50 - MAX2((size_t)40, strlen(_name))] = '\0';
-    st->print("%s", spaces);
+    // Make sure we do not punch a '\0' at a negative char array index.
+    unsigned int nameLen = (unsigned int)strlen(_name);
+    if (nameLen <= maxFlagLen) {
+      spaces[maxFlagLen - MAX2(maxFlagLen-nSpaces, nameLen)] = '\0';
+      st->print("%s", spaces);
+    }
     print_kind_and_origin(st);
 
 #ifndef PRODUCT