8076475: Misuses of strncpy/strncat
Summary: Various small fixes around strncpy and strncat
Reviewed-by: dsamersoff, coleenp
--- a/hotspot/agent/src/os/bsd/libproc_impl.c Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/agent/src/os/bsd/libproc_impl.c Tue Apr 07 14:19:03 2015 +0200
@@ -215,7 +215,12 @@
return NULL;
}
- strncpy(newlib->name, libname, sizeof(newlib->name));
+ if (strlen(libname) >= sizeof(newlib->name)) {
+ print_debug("libname %s too long\n", libname);
+ return NULL;
+ }
+ strcpy(newlib->name, libname);
+
newlib->base = base;
if (fd == -1) {
--- a/hotspot/agent/src/os/linux/libproc_impl.c Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/agent/src/os/linux/libproc_impl.c Tue Apr 07 14:19:03 2015 +0200
@@ -159,7 +159,12 @@
return NULL;
}
- strncpy(newlib->name, libname, sizeof(newlib->name));
+ if (strlen(libname) >= sizeof(newlib->name)) {
+ print_debug("libname %s too long\n", libname);
+ return NULL;
+ }
+ strcpy(newlib->name, libname);
+
newlib->base = base;
if (fd == -1) {
--- a/hotspot/src/os/bsd/dtrace/libjvm_db.c Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/os/bsd/dtrace/libjvm_db.c Tue Apr 07 14:19:03 2015 +0200
@@ -582,13 +582,14 @@
CHECK_FAIL(err);
result[0] = '\0';
- strncat(result, klassString, size);
- size -= strlen(klassString);
- strncat(result, ".", size);
- size -= 1;
- strncat(result, nameString, size);
- size -= strlen(nameString);
- strncat(result, signatureString, size);
+ if (snprintf(result, size,
+ "%s.%s%s",
+ klassString,
+ nameString,
+ signatureString) >= size) {
+ // truncation
+ goto fail;
+ }
if (nameString != NULL) free(nameString);
if (klassString != NULL) free(klassString);
@@ -1095,9 +1096,9 @@
CHECK_FAIL(err);
}
if (deoptimized) {
- strncat(result + 1, " [deoptimized frame]; ", size-1);
+ strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
} else {
- strncat(result + 1, " [compiled] ", size-1);
+ strncat(result, " [compiled] ", size - strlen(result) - 1);
}
if (debug)
fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",
--- a/hotspot/src/os/bsd/vm/decoder_machO.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/os/bsd/vm/decoder_machO.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -97,6 +97,7 @@
char * symname = mach_find_in_stringtable((char*) ((uintptr_t)mach_base + stroff), strsize, found_strx);
if (symname) {
strncpy(buf, symname, buflen);
+ buf[buflen - 1] = '\0';
return true;
}
DEBUG_ONLY(tty->print_cr("no string or null string found."));
--- a/hotspot/src/os/solaris/dtrace/libjvm_db.c Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/os/solaris/dtrace/libjvm_db.c Tue Apr 07 14:19:03 2015 +0200
@@ -582,13 +582,14 @@
CHECK_FAIL(err);
result[0] = '\0';
- strncat(result, klassString, size);
- size -= strlen(klassString);
- strncat(result, ".", size);
- size -= 1;
- strncat(result, nameString, size);
- size -= strlen(nameString);
- strncat(result, signatureString, size);
+ if (snprintf(result, size,
+ "%s.%s%s",
+ klassString,
+ nameString,
+ signatureString) >= size) {
+ // truncation
+ goto fail;
+ }
if (nameString != NULL) free(nameString);
if (klassString != NULL) free(klassString);
@@ -1095,9 +1096,9 @@
CHECK_FAIL(err);
}
if (deoptimized) {
- strncat(result + 1, " [deoptimized frame]; ", size-1);
+ strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
} else {
- strncat(result + 1, " [compiled] ", size-1);
+ strncat(result, " [compiled] ", size - strlen(result) - 1);
}
if (debug)
fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",
--- a/hotspot/src/share/tools/hsdis/hsdis.c Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/tools/hsdis/hsdis.c Tue Apr 07 14:19:03 2015 +0200
@@ -410,6 +410,7 @@
}
p = q;
}
+ *iop = '\0';
}
static void print_help(struct hsdis_app_data* app_data,
--- a/hotspot/src/share/vm/compiler/compileBroker.hpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/compiler/compileBroker.hpp Tue Apr 07 14:19:03 2015 +0200
@@ -172,7 +172,8 @@
// these methods should be called in a thread safe context
void set_current_method(const char* method) {
- strncpy(_current_method, method, (size_t)cmname_buffer_length);
+ strncpy(_current_method, method, (size_t)cmname_buffer_length-1);
+ _current_method[cmname_buffer_length-1] = '\0';
if (UsePerfData) _perf_current_method->set_value(method);
}
--- a/hotspot/src/share/vm/compiler/compilerOracle.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/compiler/compilerOracle.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -673,9 +673,7 @@
// so read integer and fraction part of double value separately.
if (sscanf(line, "%*[ \t]%255[0-9]%*[ /\t]%255[0-9]%n", buffer[0], buffer[1], &bytes_read) == 2) {
char value[512] = "";
- strncat(value, buffer[0], 255);
- strcat(value, ".");
- strncat(value, buffer[1], 255);
+ jio_snprintf(value, sizeof(value), "%s.%s", buffer[0], buffer[1]);
total_bytes_read += bytes_read;
return add_option_string(c_name, c_match, m_name, m_match, signature, flag, atof(value));
} else {
--- a/hotspot/src/share/vm/compiler/disassembler.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/compiler/disassembler.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -300,6 +300,7 @@
strlen((const char*)arg) > sizeof(buffer) - 1) {
// Only print this when the mach changes
strncpy(buffer, (const char*)arg, sizeof(buffer) - 1);
+ buffer[sizeof(buffer) - 1] = '\0';
output()->print_cr("[Disassembling for mach='%s']", arg);
}
} else if (match(event, "format bytes-per-line")) {
--- a/hotspot/src/share/vm/runtime/arguments.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/runtime/arguments.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -2714,7 +2714,7 @@
char *options = NULL;
if(pos != NULL) {
- options = strcpy(NEW_C_HEAP_ARRAY(char, strlen(pos + 1) + 1, mtInternal), pos + 1);
+ options = os::strdup_check_oom(pos + 1, mtInternal);
}
#if !INCLUDE_JVMTI
if (valid_hprof_or_jdwp_agent(name, is_absolute_path)) {
@@ -3314,8 +3314,7 @@
src ++;
}
- char* copy = AllocateHeap(strlen(src) + 1, mtInternal);
- strncpy(copy, src, strlen(src) + 1);
+ char* copy = os::strdup_check_oom(src, mtInternal);
// trim all trailing empty paths
for (char* tail = copy + strlen(copy) - 1; tail >= copy && *tail == separator; tail--) {
@@ -3480,9 +3479,7 @@
}
} else {
char buffer[256];
- const char *key = "java.awt.headless=";
- strcpy(buffer, key);
- strncat(buffer, headless_env, 256 - strlen(key) - 1);
+ jio_snprintf(buffer, sizeof(buffer), "java.awt.headless=%s", headless_env);
if (!add_property(buffer)) {
return JNI_ENOMEM;
}
@@ -3645,18 +3642,14 @@
if (end != NULL) *end = '\0';
size_t jvm_path_len = strlen(jvm_path);
size_t file_sep_len = strlen(os::file_separator());
- shared_archive_path = NEW_C_HEAP_ARRAY(char, jvm_path_len +
- file_sep_len + 20, mtInternal);
+ const size_t len = jvm_path_len + file_sep_len + 20;
+ shared_archive_path = NEW_C_HEAP_ARRAY(char, len, mtInternal);
if (shared_archive_path != NULL) {
- strncpy(shared_archive_path, jvm_path, jvm_path_len + 1);
- strncat(shared_archive_path, os::file_separator(), file_sep_len);
- strncat(shared_archive_path, "classes.jsa", 11);
+ jio_snprintf(shared_archive_path, len, "%s%sclasses.jsa",
+ jvm_path, os::file_separator());
}
} else {
- shared_archive_path = NEW_C_HEAP_ARRAY(char, strlen(SharedArchiveFile) + 1, mtInternal);
- if (shared_archive_path != NULL) {
- strncpy(shared_archive_path, SharedArchiveFile, strlen(SharedArchiveFile) + 1);
- }
+ shared_archive_path = os::strdup_check_oom(SharedArchiveFile, mtInternal);
}
return shared_archive_path;
}
--- a/hotspot/src/share/vm/utilities/ostream.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/utilities/ostream.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -109,7 +109,7 @@
}
if (add_cr) {
if (result != buffer) {
- strncpy(buffer, result, buflen);
+ memcpy(buffer, result, result_len);
result = buffer;
}
buffer[result_len++] = '\n';
@@ -334,15 +334,19 @@
assert(rm == NULL || Thread::current()->current_resource_mark() == rm,
"stringStream is re-allocated with a different ResourceMark");
buffer = NEW_RESOURCE_ARRAY(char, end);
- strncpy(buffer, oldbuf, buffer_pos);
+ if (buffer_pos > 0) {
+ memcpy(buffer, oldbuf, buffer_pos);
+ }
buffer_length = end;
}
}
// invariant: buffer is always null-terminated
guarantee(buffer_pos + write_len + 1 <= buffer_length, "stringStream oob");
- buffer[buffer_pos + write_len] = 0;
- strncpy(buffer + buffer_pos, s, write_len);
- buffer_pos += write_len;
+ if (write_len > 0) {
+ buffer[buffer_pos + write_len] = 0;
+ memcpy(buffer + buffer_pos, s, write_len);
+ buffer_pos += write_len;
+ }
// Note that the following does not depend on write_len.
// This means that position and count get updated
--- a/hotspot/src/share/vm/utilities/vmError.cpp Tue Apr 21 10:23:13 2015 +0200
+++ b/hotspot/src/share/vm/utilities/vmError.cpp Tue Apr 07 14:19:03 2015 +0200
@@ -463,14 +463,7 @@
#else
const char *file = _filename;
#endif
- size_t len = strlen(file);
- size_t buflen = sizeof(buf);
-
- strncpy(buf, file, buflen);
- if (len + 10 < buflen) {
- sprintf(buf + len, ":%d", _lineno);
- }
- st->print(" (%s)", buf);
+ st->print(" (%s:%d)", file, _lineno);
} else {
st->print(" (0x%x)", _id);
}