8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
Summary: Detect zero length signatures and throw ClassFormatError before bad dereference occurs
Reviewed-by: coleenp, lfoltan, acorn, gtriantafill
--- a/hotspot/src/share/vm/classfile/classFileParser.cpp Wed Dec 23 13:12:15 2015 +0300
+++ b/hotspot/src/share/vm/classfile/classFileParser.cpp Wed Dec 23 13:02:15 2015 -0500
@@ -567,6 +567,9 @@
const int name_index = cp->name_ref_index_at(index);
const Symbol* const name = cp->symbol_at(name_index);
const Symbol* const sig = cp->symbol_at(sig_index);
+ guarantee_property(sig->utf8_length() != 0,
+ "Illegal zero length constant pool entry at %d in class %s",
+ sig_index, CHECK);
if (sig->byte_at(0) == JVM_SIGNATURE_FUNC) {
verify_legal_method_signature(name, sig, CHECK);
} else {
@@ -593,8 +596,9 @@
verify_legal_field_name(name, CHECK);
if (_need_verify && _major_version >= JAVA_7_VERSION) {
// Signature is verified above, when iterating NameAndType_info.
- // Need only to be sure it's the right type.
- if (signature->byte_at(0) == JVM_SIGNATURE_FUNC) {
+ // Need only to be sure it's non-zero length and the right type.
+ if (signature->utf8_length() == 0 ||
+ signature->byte_at(0) == JVM_SIGNATURE_FUNC) {
throwIllegalSignature(
"Field", name, signature, CHECK);
}
@@ -605,8 +609,9 @@
verify_legal_method_name(name, CHECK);
if (_need_verify && _major_version >= JAVA_7_VERSION) {
// Signature is verified above, when iterating NameAndType_info.
- // Need only to be sure it's the right type.
- if (signature->byte_at(0) != JVM_SIGNATURE_FUNC) {
+ // Need only to be sure it's non-zero length and the right type.
+ if (signature->utf8_length() == 0 ||
+ signature->byte_at(0) != JVM_SIGNATURE_FUNC) {
throwIllegalSignature(
"Method", name, signature, CHECK);
}
@@ -617,8 +622,7 @@
// 4509014: If a class method name begins with '<', it must be "<init>".
assert(name != NULL, "method name in constant pool is null");
const unsigned int name_len = name->utf8_length();
- assert(name_len > 0, "bad method name"); // already verified as legal name
- if (name->byte_at(0) == '<') {
+ if (name_len != 0 && name->byte_at(0) == '<') {
if (name != vmSymbols::object_initializer_name()) {
classfile_parse_error(
"Bad method name at constant pool index %u in class file %s",
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/classFileParserBug/BadNameAndType.java Wed Dec 23 13:02:15 2015 -0500
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 8042660
+ * @summary Constant pool NameAndType entries must point to non-zero length Utf8 strings
+ * @compile emptySigUtf8.jcod
+ * @compile emptyNameUtf8.jcod
+ * @run main/othervm -Xverify:all BadNameAndType
+ */
+
+// Test that a constant pool NameAndType descriptor_index and/or name_index
+// that points to a zero length Utf8 string causes a ClassFormatError.
+public class BadNameAndType {
+ public static void main(String args[]) throws Throwable {
+
+ System.out.println("Regression test for bug 8042660");
+
+ // Test descriptor_index pointing to zero-length string.
+ try {
+ Class newClass = Class.forName("emptySigUtf8");
+ throw new RuntimeException("Expected ClassFormatError exception not thrown");
+ } catch (java.lang.ClassFormatError e) {
+ System.out.println("Test BadNameAndType passed test case emptySigUtf8");
+ }
+
+ // Test name_index pointing to zero-length string.
+ try {
+ Class newClass = Class.forName("emptyNameUtf8");
+ throw new RuntimeException("Expected ClassFormatError exception not thrown");
+ } catch (java.lang.ClassFormatError e) {
+ System.out.println("Test BadNameAndType passed test case emptyNameUtf8");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/classFileParserBug/emptyNameUtf8.jcod Wed Dec 23 13:02:15 2015 -0500
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+// This class has an illegal NameAndType at constant pool #4. It's illegal because
+// the Utf8 that it points to at #27 is a zero length string which is not a valid
+// name. Loading this class should cause a ClassFormatError exception.
+class emptyNameUtf8 {
+ 0xCAFEBABE;
+ 0; // minor version
+ 52; // version
+ [29] { // Constant Pool
+ ; // first element is empty
+ Method #6 #15; // #1 at 0x0A
+ Field #16 #17; // #2 at 0x0F
+ String #18; // #3 at 0x14
+ NameAndType #27 #28; // #4 at 0x9F
+ class #21; // #5 at 0x1C
+ class #22; // #6 at 0x1F
+ Utf8 "<init>"; // #7 at 0x22
+ Utf8 "()V"; // #8 at 0x2B
+ Utf8 "Code"; // #9 at 0x2E
+ Utf8 "LineNumberTable"; // #10 at 0x35
+ Utf8 "main"; // #11 at 0x47
+ Utf8 "([Ljava/lang/String;)V"; // #12 at 0x4E
+ Utf8 "SourceFile"; // #13 at 0x67
+ Utf8 "emptyNameUtf8.java"; // #14 at 0x74
+ NameAndType #7 #8; // #15 at 0x81
+ class #23; // #16 at 0x86
+ NameAndType #24 #25; // #17 at 0x89
+ Utf8 "Hello World"; // #18 at 0x8E
+ class #26; // #19 at 0x9C
+ Method #19 #4; // #20 at 0x17
+ Utf8 "emptyNameUtf8"; // #21 at 0xA4
+ Utf8 "java/lang/Object"; // #22 at 0xAC
+ Utf8 "java/lang/System"; // #23 at 0xBF
+ Utf8 "out"; // #24 at 0xD2
+ Utf8 "Ljava/io/PrintStream;"; // #25 at 0xD8
+ Utf8 "java/io/PrintStream"; // #26 at 0xF0
+ Utf8 ""; // #27 at 0x0106
+ Utf8 "()V"; // #28 at 0x0110
+ } // Constant Pool
+
+ 0x0021; // access
+ #5;// this_cpx
+ #6;// super_cpx
+
+ [0] { // Interfaces
+ } // Interfaces
+
+ [0] { // fields
+ } // fields
+
+ [2] { // methods
+ { // Member at 0x0134
+ 0x0001; // access
+ #7; // name_cpx
+ #8; // sig_cpx
+ [1] { // Attributes
+ Attr(#9, 29) { // Code at 0x013C
+ 1; // max_stack
+ 1; // max_locals
+ Bytes[5]{
+ 0x2AB70001B1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [1] { // Attributes
+ Attr(#10, 6) { // LineNumberTable at 0x0153
+ [1] { // LineNumberTable
+ 0 2; // at 0x015F
+ }
+ } // end LineNumberTable
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ ;
+ { // Member at 0x015F
+ 0x0009; // access
+ #11; // name_cpx
+ #12; // sig_cpx
+ [1] { // Attributes
+ Attr(#9, 37) { // Code at 0x0167
+ 2; // max_stack
+ 1; // max_locals
+ Bytes[9]{
+ 0xB200021203B60004;
+ 0xB1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [1] { // Attributes
+ Attr(#10, 10) { // LineNumberTable at 0x0182
+ [2] { // LineNumberTable
+ 0 4; // at 0x018E
+ 8 5; // at 0x0192
+ }
+ } // end LineNumberTable
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ } // methods
+
+ [1] { // Attributes
+ Attr(#13, 2) { // SourceFile at 0x0194
+ #14;
+ } // end SourceFile
+ } // Attributes
+} // end class emptyNameUtf8
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/classFileParserBug/emptySigUtf8.jcod Wed Dec 23 13:02:15 2015 -0500
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+// This class has an illegal NameAndType at constant pool #4. It's illegal because
+// the type that it points to at #28 is a zero length Utf8 string which is not a
+// valid signature. Loading this class should cause a ClassFormatError exception.
+class emptySigUtf8 {
+ 0xCAFEBABE;
+ 0; // minor version
+ 52; // version
+ [29] { // Constant Pool
+ ; // first element is empty
+ Method #6 #15; // #1 at 0x0A
+ Field #16 #17; // #2 at 0x0F
+ String #18; // #3 at 0x14
+ NameAndType #27 #28; // #4 at 0x9F
+ class #21; // #5 at 0x1C
+ class #22; // #6 at 0x1F
+ Utf8 "<init>"; // #7 at 0x22
+ Utf8 "()V"; // #8 at 0x2B
+ Utf8 "Code"; // #9 at 0x2E
+ Utf8 "LineNumberTable"; // #10 at 0x35
+ Utf8 "main"; // #11 at 0x47
+ Utf8 "([Ljava/lang/String;)V"; // #12 at 0x4E
+ Utf8 "SourceFile"; // #13 at 0x67
+ Utf8 "emptySigUtf8.java"; // #14 at 0x74
+ NameAndType #7 #8; // #15 at 0x81
+ class #23; // #16 at 0x86
+ NameAndType #24 #25; // #17 at 0x89
+ Utf8 "Hello World"; // #18 at 0x8E
+ class #26; // #19 at 0x9C
+ Method #19 #4; // #20 at 0x17
+ Utf8 "emptySigUtf8"; // #21 at 0xA4
+ Utf8 "java/lang/Object"; // #22 at 0xAC
+ Utf8 "java/lang/System"; // #23 at 0xBF
+ Utf8 "out"; // #24 at 0xD2
+ Utf8 "Ljava/io/PrintStream;"; // #25 at 0xD8
+ Utf8 "java/io/PrintStream"; // #26 at 0xF0
+ Utf8 "hi"; // #27 at 0x0106
+ Utf8 ""; // #28 at 0x0110
+ } // Constant Pool
+
+ 0x0021; // access
+ #5;// this_cpx
+ #6;// super_cpx
+
+ [0] { // Interfaces
+ } // Interfaces
+
+ [0] { // fields
+ } // fields
+
+ [2] { // methods
+ { // Member at 0x0134
+ 0x0001; // access
+ #7; // name_cpx
+ #8; // sig_cpx
+ [1] { // Attributes
+ Attr(#9, 29) { // Code at 0x013C
+ 1; // max_stack
+ 1; // max_locals
+ Bytes[5]{
+ 0x2AB70001B1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [1] { // Attributes
+ Attr(#10, 6) { // LineNumberTable at 0x0153
+ [1] { // LineNumberTable
+ 0 2; // at 0x015F
+ }
+ } // end LineNumberTable
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ ;
+ { // Member at 0x015F
+ 0x0009; // access
+ #11; // name_cpx
+ #12; // sig_cpx
+ [1] { // Attributes
+ Attr(#9, 37) { // Code at 0x0167
+ 2; // max_stack
+ 1; // max_locals
+ Bytes[9]{
+ 0xB200021203B60004;
+ 0xB1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [1] { // Attributes
+ Attr(#10, 10) { // LineNumberTable at 0x0182
+ [2] { // LineNumberTable
+ 0 4; // at 0x018E
+ 8 5; // at 0x0192
+ }
+ } // end LineNumberTable
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ } // methods
+
+ [1] { // Attributes
+ Attr(#13, 2) { // SourceFile at 0x0194
+ #14;
+ } // end SourceFile
+ } // Attributes
+} // end class emptySigUtf8