6765546: Wrong sscanf used to parse CompilerOracle command >= 32 characters could lead to crash
authornever
Tue, 14 Dec 2010 23:17:00 -0800 (2010-12-15)
changeset 7701 766eb9258574
parent 7700 3252c02e23b8
child 7702 b59d27191c78
6765546: Wrong sscanf used to parse CompilerOracle command >= 32 characters could lead to crash Reviewed-by: kvn, iveresov
hotspot/src/share/vm/compiler/compilerOracle.cpp
--- a/hotspot/src/share/vm/compiler/compilerOracle.cpp	Tue Dec 14 12:44:30 2010 -0800
+++ b/hotspot/src/share/vm/compiler/compilerOracle.cpp	Tue Dec 14 23:17:00 2010 -0800
@@ -332,7 +332,7 @@
          "command_names size mismatch");
 
   *bytes_read = 0;
-  char command[32];
+  char command[33];
   int result = sscanf(line, "%32[a-z]%n", command, bytes_read);
   for (uint i = 0; i < ARRAY_SIZE(command_names); i++) {
     if (strcmp(command, command_names[i]) == 0) {
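Review bot: `command` can still reach `strcmp` uninitialized, because the value stored in `result` is not checked before the loop in the visible lines. Growing the array to 33 fixes the one-byte overflow from `%32[a-z]`, but a line that does not start with a lowercase letter makes `sscanf` match nothing and leaves the buffer as whatever was on the stack. Adding `if (result != 1) return UnknownCommand;` before the loop, or at least declaring `char command[33] = "";`, would make the no-match case well defined. The `UnknownCommand` early return added in the second hunk depends on that. A comment such as `// 32 chars from %32[a-z] plus the terminating NUL` would also tie the array size to the format width; the function body starts and ends outside the hunk.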
@@ -470,6 +470,12 @@
   OracleCommand command = parse_command_name(line, &bytes_read);
   line += bytes_read;
 
+  if (command == UnknownCommand) {
+    tty->print_cr("CompilerOracle: unrecognized line");
+    tty->print_cr("  \"%s\"", original_line);
+    return;
+  }
+
   if (command == QuietCommand) {
     _quiet = true;
     return;
@@ -498,7 +504,7 @@
     line += bytes_read;
     // there might be a signature following the method.
     // signatures always begin with ( so match that by hand
-    if (1 == sscanf(line, "%*[ \t](%254[);/" RANGEBASE "]%n", sig + 1, &bytes_read)) {
+    if (1 == sscanf(line, "%*[ \t](%254[[);/" RANGEBASE "]%n", sig + 1, &bytes_read)) {
       sig[0] = '(';
       line += bytes_read;
       signature = oopFactory::new_symbol_handle(sig, CHECK);
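Review bot: The `%254[` width stores up to 254 characters plus a NUL starting at `sig + 1`, so `sig` has to hold at least 256 bytes, and its declaration is outside this hunk. That is the same width-versus-buffer off-by-one this commit fixes for `command`, so it is worth confirming here and recording next to the call, e.g. `// sig needs 1 + 254 + 1 bytes: '(' + scanned chars + NUL`. A short comment on the scanset change would help too, e.g. `// '[' lets array types appear in the signature`. The enclosing function starts and ends outside the hunk.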