8030763: Validate global memory allocation
Summary: Add length checks where necessary
Reviewed-by: coleenp, mschoene
--- a/hotspot/src/os/bsd/vm/os_bsd.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/bsd/vm/os_bsd.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -1172,10 +1172,6 @@
::abort();
}
-// unused on bsd for now.
-void os::set_error_file(const char *logfile) {}
-
-
// This method is a copy of JDK's sysGetLastErrorString
// from src/solaris/hpi/src/system_md.c
@@ -1832,6 +1828,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
jrelib_p = buf + len;
// Add the appropriate library subdir
@@ -1865,7 +1862,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
--- a/hotspot/src/os/linux/vm/os_linux.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/linux/vm/os_linux.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -1553,9 +1553,6 @@
::abort();
}
-// unused on linux for now.
-void os::set_error_file(const char *logfile) {}
-
// This method is a copy of JDK's sysGetLastErrorString
// from src/solaris/hpi/src/system_md.c
@@ -2345,6 +2342,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer room");
jrelib_p = buf + len;
snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
if (0 != access(buf, F_OK)) {
@@ -2365,7 +2363,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
void os::print_jni_name_prefix_on(outputStream* st, int args_size) {
--- a/hotspot/src/os/solaris/vm/os_solaris.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/solaris/vm/os_solaris.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -1543,9 +1543,6 @@
::abort(); // dump core (for debugging)
}
-// unused
-void os::set_error_file(const char *logfile) {}
-
// DLL functions
const char* os::dll_file_extension() { return ".so"; }
@@ -2185,6 +2182,7 @@
// determine if this is a legacy image or modules image
// modules image doesn't have "jre" subdirectory
len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
jrelib_p = buf + len;
snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
if (0 != access(buf, F_OK)) {
@@ -2203,7 +2201,7 @@
}
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
}
--- a/hotspot/src/os/windows/vm/os_windows.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/os/windows/vm/os_windows.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -1824,7 +1824,9 @@
// looks like jvm.dll is installed there (append a fake suffix
// hotspot/jvm.dll).
char* java_home_var = ::getenv("JAVA_HOME");
- if (java_home_var != NULL && java_home_var[0] != 0) {
+ if (java_home_var != NULL && java_home_var[0] != 0 &&
+ strlen(java_home_var) < (size_t)buflen) {
+
strncpy(buf, java_home_var, buflen);
// determine if this is a legacy image or modules image
@@ -1843,7 +1845,7 @@
if (buf[0] == '\0') {
GetModuleFileName(vm_lib_handle, buf, buflen);
}
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAX_PATH);
}
@@ -2291,17 +2293,6 @@
return EXCEPTION_CONTINUE_SEARCH;
}
-// Fatal error reporting is single threaded so we can make this a
-// static and preallocated. If it's more than MAX_PATH silently ignore
-// it.
-static char saved_error_file[MAX_PATH] = {0};
-
-void os::set_error_file(const char *logfile) {
- if (strlen(logfile) <= MAX_PATH) {
- strncpy(saved_error_file, logfile, MAX_PATH);
- }
-}
-
static inline void report_error(Thread* t, DWORD exception_code,
address addr, void* siginfo, void* context) {
VMError err(t, exception_code, addr, siginfo, context);
--- a/hotspot/src/share/vm/compiler/compileBroker.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/compiler/compileBroker.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -2123,6 +2123,7 @@
ResourceMark rm;
char* method_name = method->name()->as_C_string();
strncpy(_last_method_compiled, method_name, CompileBroker::name_buffer_length);
+ _last_method_compiled[CompileBroker::name_buffer_length - 1] = '\0'; // ensure null terminated
char current_method[CompilerCounters::cmname_buffer_length];
size_t maxLen = CompilerCounters::cmname_buffer_length;
--- a/hotspot/src/share/vm/runtime/os.hpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/runtime/os.hpp Mon Jul 14 12:43:50 2014 +0400
@@ -469,9 +469,6 @@
// run cmd in a separate process and return its exit code; or -1 on failures
static int fork_and_exec(char *cmd);
- // Set file to send error reports.
- static void set_error_file(const char *logfile);
-
// os::exit() is merged with vm_exit()
// static void exit(int num);
--- a/hotspot/src/share/vm/utilities/vmError.cpp Fri Jul 11 09:14:21 2014 -0700
+++ b/hotspot/src/share/vm/utilities/vmError.cpp Mon Jul 14 12:43:50 2014 +0400
@@ -989,7 +989,6 @@
if (fd != -1) {
out.print_raw("# An error report file with more information is saved as:\n# ");
out.print_raw_cr(buffer);
- os::set_error_file(buffer);
log.set_fd(fd);
} else {