8129786: Buffer overrun when passing long not existing option in JDK 9
authorddmitriev
Thu, 02 Jul 2015 12:25:55 +0300
changeset 31624 a184abca1684
parent 31622 65674ad91414
child 31625 93a4e1b7172c
8129786: Buffer overrun when passing long not existing option in JDK 9 Summary: Only make the obsolete check for valid arguments(length less than 256) Reviewed-by: dcubed, dholmes
hotspot/src/share/vm/runtime/arguments.cpp
hotspot/test/runtime/CommandLine/TestLongUnrecognizedVMOption.java
--- a/hotspot/src/share/vm/runtime/arguments.cpp	Wed Jul 01 16:38:14 2015 +0200
+++ b/hotspot/src/share/vm/runtime/arguments.cpp	Thu Jul 02 12:25:55 2015 +0300
@@ -837,16 +837,19 @@
     arg_len = equal_sign - argname;
   }
 
-  // Construct a string which consists only of the argument name without '+', '-', or '='.
-  char stripped_argname[256];
-  strncpy(stripped_argname, argname, arg_len);
-  stripped_argname[arg_len] = '\0'; //strncpy doesn't null terminate.
-
-  if (is_newly_obsolete(stripped_argname, &since)) {
-    char version[256];
-    since.to_string(version, sizeof(version));
-    warning("ignoring option %s; support was removed in %s", stripped_argname, version);
-    return true;
+  // Only make the obsolete check for valid arguments.
+  if (arg_len <= BUFLEN) {
+    // Construct a string which consists only of the argument name without '+', '-', or '='.
+    char stripped_argname[BUFLEN+1];
+    strncpy(stripped_argname, argname, arg_len);
+    stripped_argname[arg_len] = '\0';  // strncpy may not null terminate.
+
+    if (is_newly_obsolete(stripped_argname, &since)) {
+      char version[256];
+      since.to_string(version, sizeof(version));
+      warning("ignoring option %s; support was removed in %s", stripped_argname, version);
+      return true;
+    }
   }
 
   // For locked flags, report a custom error message if available.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/CommandLine/TestLongUnrecognizedVMOption.java	Thu Jul 02 12:25:55 2015 +0300
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8129786
+ * @summary Verify that JVM correctly processes very long unrecognized VM option
+ * @library /testlibrary
+ * @modules java.management
+ * @run main TestLongUnrecognizedVMOption
+ */
+
+import jdk.test.lib.OutputAnalyzer;
+import jdk.test.lib.ProcessTools;
+
+public class TestLongUnrecognizedVMOption {
+
+    /* Create option with very long length(greater than 500 characters) */
+    private static final String VERY_LONG_OPTION = String.format("%500s=10", "unrecognizedoption").replace(" ", "a");
+
+    public static void main(String[] args) throws Exception {
+        OutputAnalyzer output;
+
+        output = new OutputAnalyzer(ProcessTools.createJavaProcessBuilder("-XX:" + VERY_LONG_OPTION, "-version").start());
+        output.shouldHaveExitValue(1);
+        output.shouldContain(String.format("Unrecognized VM option '%s'", VERY_LONG_OPTION));
+    }
+}