7200499: Better data validation for options
authorksrini
Tue, 16 Oct 2012 16:38:38 -0700
changeset 16077 92008ab562e0
parent 16076 d7183f4305e5
child 16078 3d5fa54bf734
7200499: Better data validation for options Reviewed-by: darcy, jjh, mschoene
jdk/src/share/bin/jli_util.h
jdk/src/windows/bin/java_md.c
--- a/jdk/src/share/bin/jli_util.h	Tue Oct 16 12:38:29 2012 -0700
+++ b/jdk/src/share/bin/jli_util.h	Tue Oct 16 16:38:38 2012 -0700
@@ -66,7 +66,7 @@
 #include <io.h>
 #define JLI_StrCaseCmp(p1, p2)          stricmp((p1), (p2))
 #define JLI_StrNCaseCmp(p1, p2, p3)     strnicmp((p1), (p2), (p3))
-#define JLI_Snprintf                    _snprintf
+size_t  JLI_Snprintf(char *buffer, size_t size, const char *format, ...);
 void JLI_CmdToArgs(char *cmdline);
 #define JLI_Lseek                       _lseeki64
 #else  /* NIXES */
--- a/jdk/src/windows/bin/java_md.c	Tue Oct 16 12:38:29 2012 -0700
+++ b/jdk/src/windows/bin/java_md.c	Tue Oct 16 16:38:38 2012 -0700
@@ -101,7 +101,6 @@
 /* funtion in awt.dll (src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp) */
 #define D3D_PRELOAD_FUNC "preloadD3D"
 
-
 /* Extracts value of a parameter with the specified name
  * from command line argument (returns pointer in the argument).
  * Returns NULL if the argument does not contains the parameter.
@@ -276,7 +275,8 @@
 #endif
 #ifdef CRT_DLL
         if (GetJREPath(crtpath, MAXPATHLEN)) {
-            if (JLI_StrLen(crtpath) + JLI_StrLen("\\bin\\") + JLI_StrLen(CRT_DLL) >= MAXPATHLEN) {
+            if (JLI_StrLen(crtpath) + JLI_StrLen("\\bin\\") +
+                    JLI_StrLen(CRT_DLL) >= MAXPATHLEN) {
                 JLI_ReportErrorMessage(JRE_ERROR11);
                 return JNI_FALSE;
             }
@@ -347,7 +347,8 @@
     if (JLI_StrChr(jvmtype, '/') || JLI_StrChr(jvmtype, '\\')) {
         JLI_Snprintf(jvmpath, jvmpathsize, "%s\\" JVM_DLL, jvmtype);
     } else {
-        JLI_Snprintf(jvmpath, jvmpathsize, "%s\\bin\\%s\\" JVM_DLL, jrepath, jvmtype);
+        JLI_Snprintf(jvmpath, jvmpathsize, "%s\\bin\\%s\\" JVM_DLL,
+                     jrepath, jvmtype);
     }
     if (stat(jvmpath, &s) == 0) {
         return JNI_TRUE;
@@ -526,6 +527,29 @@
     return (counts * 1000 * 1000)/counterFrequency.QuadPart;
 }
 
+/*
+ * windows snprintf does not guarantee a null terminator in the buffer,
+ * if the computed size is equal to or greater than the buffer size,
+ * as well as error conditions, this function guarantees a null terminator
+ * under all these conditions. An unreasonable buffer size will return
+ * an error value.
+ */
+size_t
+JLI_Snprintf(char* buffer, size_t size, const char* format, ...)
+{
+    size_t rc;
+    va_list vl;
+    if (size <= 0)
+        return -1;
+    va_start(vl, format);
+    rc = vsnprintf(buffer, size - 1, format, vl);
+    /* force a null terminator, if something is amiss */
+    if (rc < 0 || rc >= size)
+        buffer[size - 1] = '\0';
+    va_end(vl);
+    return rc;
+}
+
 void
 JLI_ReportErrorMessage(const char* fmt, ...) {
     va_list vl;
@@ -880,7 +904,7 @@
  */
 void
 ExecJRE(char *jre, char **argv) {
-    int     len;
+    jint     len;
     char    path[MAXPATHLEN + 1];
 
     const char *progname = GetProgramName();