8030763: Validate global memory allocation
authorhseigel
Mon, 14 Jul 2014 12:43:50 +0400
changeset 25503 9f471b837330
parent 25502 92dc8bd62c69
child 25504 69de8357bc53
8030763: Validate global memory allocation Summary: Add length checks where necessary Reviewed-by: coleenp, mschoene
hotspot/src/os/bsd/vm/os_bsd.cpp
hotspot/src/os/linux/vm/os_linux.cpp
hotspot/src/os/solaris/vm/os_solaris.cpp
hotspot/src/os/windows/vm/os_windows.cpp
hotspot/src/share/vm/compiler/compileBroker.cpp
hotspot/src/share/vm/runtime/os.hpp
hotspot/src/share/vm/utilities/vmError.cpp
--- a/hotspot/src/os/bsd/vm/os_bsd.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/bsd/vm/os_bsd.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -1172,10 +1172,6 @@
   ::abort();
 }
 
-// unused on bsd for now.
-void os::set_error_file(const char *logfile) {}
-
-
 // This method is a copy of JDK's sysGetLastErrorString
 // from src/solaris/hpi/src/system_md.c
 
@@ -1832,6 +1828,7 @@
         // determine if this is a legacy image or modules image
         // modules image doesn't have "jre" subdirectory
         len = strlen(buf);
+        assert(len < buflen, "Ran out of buffer space");
         jrelib_p = buf + len;
 
         // Add the appropriate library subdir
@@ -1865,7 +1862,7 @@
     }
   }
 
-  strcpy(saved_jvm_path, buf);
+  strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
--- a/hotspot/src/os/linux/vm/os_linux.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/linux/vm/os_linux.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -1553,9 +1553,6 @@
   ::abort();
 }
 
-// unused on linux for now.
-void os::set_error_file(const char *logfile) {}
-
 
 // This method is a copy of JDK's sysGetLastErrorString
 // from src/solaris/hpi/src/system_md.c
@@ -2345,6 +2342,7 @@
         // determine if this is a legacy image or modules image
         // modules image doesn't have "jre" subdirectory
         len = strlen(buf);
+        assert(len < buflen, "Ran out of buffer room");
         jrelib_p = buf + len;
         snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
         if (0 != access(buf, F_OK)) {
@@ -2365,7 +2363,7 @@
     }
   }
 
-  strcpy(saved_jvm_path, buf);
+  strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
--- a/hotspot/src/os/solaris/vm/os_solaris.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/solaris/vm/os_solaris.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -1543,9 +1543,6 @@
   ::abort(); // dump core (for debugging)
 }
 
-// unused
-void os::set_error_file(const char *logfile) {}
-
 // DLL functions
 
 const char* os::dll_file_extension() { return ".so"; }
@@ -2185,6 +2182,7 @@
         // determine if this is a legacy image or modules image
         // modules image doesn't have "jre" subdirectory
         len = strlen(buf);
+        assert(len < buflen, "Ran out of buffer space");
         jrelib_p = buf + len;
         snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
         if (0 != access(buf, F_OK)) {
@@ -2203,7 +2201,7 @@
     }
   }
 
-  strcpy(saved_jvm_path, buf);
+  strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 
--- a/hotspot/src/os/windows/vm/os_windows.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/windows/vm/os_windows.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -1824,7 +1824,9 @@
     // looks like jvm.dll is installed there (append a fake suffix
     // hotspot/jvm.dll).
     char* java_home_var = ::getenv("JAVA_HOME");
-    if (java_home_var != NULL && java_home_var[0] != 0) {
+    if (java_home_var != NULL && java_home_var[0] != 0 &&
+        strlen(java_home_var) < (size_t)buflen) {
+
       strncpy(buf, java_home_var, buflen);
 
       // determine if this is a legacy image or modules image
@@ -1843,7 +1845,7 @@
   if (buf[0] == '\0') {
     GetModuleFileName(vm_lib_handle, buf, buflen);
   }
-  strcpy(saved_jvm_path, buf);
+  strncpy(saved_jvm_path, buf, MAX_PATH);
 }
 
 
@@ -2291,17 +2293,6 @@
   return EXCEPTION_CONTINUE_SEARCH;
 }
 
-// Fatal error reporting is single threaded so we can make this a
-// static and preallocated.  If it's more than MAX_PATH silently ignore
-// it.
-static char saved_error_file[MAX_PATH] = {0};
-
-void os::set_error_file(const char *logfile) {
-  if (strlen(logfile) <= MAX_PATH) {
-    strncpy(saved_error_file, logfile, MAX_PATH);
-  }
-}
-
 static inline void report_error(Thread* t, DWORD exception_code,
                                 address addr, void* siginfo, void* context) {
   VMError err(t, exception_code, addr, siginfo, context);
--- a/hotspot/src/share/vm/compiler/compileBroker.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/compiler/compileBroker.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -2123,6 +2123,7 @@
   ResourceMark rm;
   char* method_name = method->name()->as_C_string();
   strncpy(_last_method_compiled, method_name, CompileBroker::name_buffer_length);
+  _last_method_compiled[CompileBroker::name_buffer_length - 1] = '\0'; // ensure null terminated
   char current_method[CompilerCounters::cmname_buffer_length];
   size_t maxLen = CompilerCounters::cmname_buffer_length;
 
--- a/hotspot/src/share/vm/runtime/os.hpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/runtime/os.hpp	Mon Jul 14 12:43:50 2014 +0400
@@ -469,9 +469,6 @@
   // run cmd in a separate process and return its exit code; or -1 on failures
   static int fork_and_exec(char *cmd);
 
-  // Set file to send error reports.
-  static void set_error_file(const char *logfile);
-
   // os::exit() is merged with vm_exit()
   // static void exit(int num);
 
--- a/hotspot/src/share/vm/utilities/vmError.cpp	Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/utilities/vmError.cpp	Mon Jul 14 12:43:50 2014 +0400
@@ -989,7 +989,6 @@
       if (fd != -1) {
         out.print_raw("# An error report file with more information is saved as:\n# ");
         out.print_raw_cr(buffer);
-        os::set_error_file(buffer);
 
         log.set_fd(fd);
       } else {