Fri, 03 Apr 2020 14:14:26 +0100
8076475: Misuses of strncpy/strncat
Summary: Various small fixes around strncpy and strncat
Reviewed-by: andrew
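--- a/agent/src/os/bsd/libproc_impl.c Mon Sep 23 20:26:18 2019 +0200
+++ b/agent/src/os/bsd/libproc_impl.c Fri Apr 03 14:14:26 2020 +0100
@@ -215,7 +215,12 @@
 return NULL;
 }
 
- strncpy(newlib->name, libname, sizeof(newlib->name));
+ if (strlen(libname) >= sizeof(newlib->name)) {
+ print_debug("libname %s too long\n", libname);
+ return NULL;
+ }
+ strcpy(newlib->name, libname);
+
 newlib->base = base;
 
 if (fd == -1) {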
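Review bot: The new early `return NULL;` in the too-long branch runs after `newlib` has apparently been allocated (the allocation is above the hunk and not visible here), so the object may leak on this path. If `newlib` is heap-allocated, release it with the matching deallocator first, e.g. `free(newlib);` ahead of `return NULL;`. The same pattern appears in the matching hunk of `agent/src/os/linux/libproc_impl.c`. The enclosing function starts and ends outside the hunk.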
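--- a/agent/src/os/linux/libproc_impl.c Mon Sep 23 20:26:18 2019 +0200
+++ b/agent/src/os/linux/libproc_impl.c Fri Apr 03 14:14:26 2020 +0100
@@ -159,7 +159,12 @@
 return NULL;
 }
 
- strncpy(newlib->name, libname, sizeof(newlib->name));
+ if (strlen(libname) >= sizeof(newlib->name)) {
+ print_debug("libname %s too long\n", libname);
+ return NULL;
+ }
+ strcpy(newlib->name, libname);
+
 newlib->base = base;
 
 if (fd == -1) {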
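--- a/src/os/bsd/dtrace/libjvm_db.c Mon Sep 23 20:26:18 2019 +0200
+++ b/src/os/bsd/dtrace/libjvm_db.c Fri Apr 03 14:14:26 2020 +0100
@@ -543,13 +543,14 @@
 CHECK_FAIL(err);
 
 result[0] = '\0';
- strncat(result, klassString, size);
- size -= strlen(klassString);
- strncat(result, ".", size);
- size -= 1;
- strncat(result, nameString, size);
- size -= strlen(nameString);
- strncat(result, signatureString, size);
+ if (snprintf(result, size,
+ "%s.%s%s",
+ klassString,
+ nameString,
+ signatureString) >= size) {
+ // truncation
+ goto fail;
+ }
 
 if (nameString != NULL) free(nameString);
 if (klassString != NULL) free(klassString);
@@ -1056,9 +1057,9 @@
 CHECK_FAIL(err);
 }
 if (deoptimized) {
- strncat(result + 1, " [deoptimized frame]; ", size-1);
+ strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
 } else {
- strncat(result + 1, " [compiled] ", size-1);
+ strncat(result, " [compiled] ", size - strlen(result) - 1);
 }
 if (debug)
 fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",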
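Review bot: The truncation test `snprintf(...) >= size` in the first hunk compares snprintf's `int` result directly with `size`, whose declaration is outside the hunk; a negative (error) return is rejected only if `size` is unsigned and the implicit conversion happens to make it large. Making both cases explicit avoids relying on that: store the result in `int n` and test `if (n < 0 || (size_t)n >= size) goto fail;`. In the second hunk, `size - strlen(result) - 1` assumes `strlen(result) < size`, and a one-line comment stating that precondition would help. The same two points apply to the identical hunks in `src/os/solaris/dtrace/libjvm_db.c`.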
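--- a/src/os/bsd/vm/decoder_machO.cpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/os/bsd/vm/decoder_machO.cpp Fri Apr 03 14:14:26 2020 +0100
@@ -97,6 +97,7 @@
 char * symname = mach_find_in_stringtable((char*) ((uintptr_t)mach_base + stroff), strsize, found_strx);
 if (symname) {
 strncpy(buf, symname, buflen);
+ buf[buflen - 1] = '\0';
 return true;
 }
 DEBUG_ONLY(tty->print_cr("no string or null string found."));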
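Review bot: `buf[buflen - 1] = '\0';` writes outside the buffer when `buflen` is 0, and nothing visible in the hunk rules that value out. Guard the store with `if (buflen > 0) buf[buflen - 1] = '\0';`, or assert `buflen > 0` where the function validates its arguments. The function still returns `true` when the symbol name was truncated, so a short comment saying truncation is accepted here would help callers. The enclosing function begins outside the hunk.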
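--- a/src/os/solaris/dtrace/libjvm_db.c Mon Sep 23 20:26:18 2019 +0200
+++ b/src/os/solaris/dtrace/libjvm_db.c Fri Apr 03 14:14:26 2020 +0100
@@ -543,13 +543,14 @@
 CHECK_FAIL(err);
 
 result[0] = '\0';
- strncat(result, klassString, size);
- size -= strlen(klassString);
- strncat(result, ".", size);
- size -= 1;
- strncat(result, nameString, size);
- size -= strlen(nameString);
- strncat(result, signatureString, size);
+ if (snprintf(result, size,
+ "%s.%s%s",
+ klassString,
+ nameString,
+ signatureString) >= size) {
+ // truncation
+ goto fail;
+ }
 
 if (nameString != NULL) free(nameString);
 if (klassString != NULL) free(klassString);
@@ -1056,9 +1057,9 @@
 CHECK_FAIL(err);
 }
 if (deoptimized) {
- strncat(result + 1, " [deoptimized frame]; ", size-1);
+ strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
 } else {
- strncat(result + 1, " [compiled] ", size-1);
+ strncat(result, " [compiled] ", size - strlen(result) - 1);
 }
 if (debug)
 fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",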
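--- a/src/share/tools/hsdis/hsdis.c Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/tools/hsdis/hsdis.c Fri Apr 03 14:14:26 2020 +0100
@@ -438,6 +438,7 @@
 }
 p = q;
 }
+ *iop = '\0';
 }
 
 static void print_help(struct hsdis_app_data* app_data,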
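Review bot: The added `*iop = '\0';` is in bounds only if the copy loop above always stops at least one byte short of the end of the destination buffer, and that bound is not visible in this hunk. A comment on the line stating the invariant, such as `/* the loop leaves room for the terminator */`, or an assert on the remaining space, would make the store checkable by the next reader. The enclosing function starts outside the hunk.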
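--- a/src/share/vm/compiler/compileBroker.hpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/vm/compiler/compileBroker.hpp Fri Apr 03 14:14:26 2020 +0100
@@ -173,7 +173,8 @@
 // these methods should be called in a thread safe context
 
 void set_current_method(const char* method) {
- strncpy(_current_method, method, (size_t)cmname_buffer_length);
+ strncpy(_current_method, method, (size_t)cmname_buffer_length-1);
+ _current_method[cmname_buffer_length-1] = '\0';
 if (UsePerfData) _perf_current_method->set_value(method);
 }
 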
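--- a/src/share/vm/compiler/disassembler.cpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/vm/compiler/disassembler.cpp Fri Apr 03 14:14:26 2020 +0100
@@ -295,6 +295,7 @@
 strlen((const char*)arg) > sizeof(buffer) - 1) {
 // Only print this when the mach changes
 strncpy(buffer, (const char*)arg, sizeof(buffer) - 1);
+ buffer[sizeof(buffer) - 1] = '\0';
 output()->print_cr("[Disassembling for mach='%s']", arg);
 }
 } else if (match(event, "format bytes-per-line")) {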
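--- a/src/share/vm/runtime/arguments.cpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/vm/runtime/arguments.cpp Fri Apr 03 14:14:26 2020 +0100
@@ -3476,8 +3476,7 @@
 src ++;
 }
 
- char* copy = AllocateHeap(strlen(src) + 1, mtInternal);
- strncpy(copy, src, strlen(src) + 1);
+ char* copy = os::strdup(src, mtInternal);
 
 // trim all trailing empty paths
 for (char* tail = copy + strlen(copy) - 1; tail >= copy && *tail == separator; tail--) {
@@ -3856,18 +3855,14 @@
 if (end != NULL) *end = '\0';
 size_t jvm_path_len = strlen(jvm_path);
 size_t file_sep_len = strlen(os::file_separator());
- shared_archive_path = NEW_C_HEAP_ARRAY(char, jvm_path_len +
- file_sep_len + 20, mtInternal);
+ const size_t len = jvm_path_len + file_sep_len + 20;
+ shared_archive_path = NEW_C_HEAP_ARRAY(char, len, mtInternal);
 if (shared_archive_path != NULL) {
- strncpy(shared_archive_path, jvm_path, jvm_path_len + 1);
- strncat(shared_archive_path, os::file_separator(), file_sep_len);
- strncat(shared_archive_path, "classes.jsa", 11);
+ jio_snprintf(shared_archive_path, len, "%s%sclasses.jsa",
+ jvm_path, os::file_separator());
 }
 } else {
- shared_archive_path = NEW_C_HEAP_ARRAY(char, strlen(SharedArchiveFile) + 1, mtInternal);
- if (shared_archive_path != NULL) {
- strncpy(shared_archive_path, SharedArchiveFile, strlen(SharedArchiveFile) + 1);
- }
+ shared_archive_path = os::strdup(SharedArchiveFile, mtInternal);
 }
 return shared_archive_path;
 }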
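Review bot: In the first hunk `copy` is dereferenced by `strlen(copy)` in the trim loop with no NULL check, while the allocation changed from `AllocateHeap` to `os::strdup`. If `os::strdup` can return NULL on allocation failure (its definition is not on this page), the loop dereferences a null pointer where the previous allocator may have behaved differently on OOM. Add a check right after the call, `if (copy == NULL)` followed by whatever out-of-memory handling the rest of the function uses, or use an allocation routine that exits on OOM. In the second hunk the `jio_snprintf` result is ignored; `len` looks sufficient by construction, since `+ 20` covers `classes.jsa` and the terminator, and a comment could say so. Both enclosing functions extend outside the hunks.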
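--- a/src/share/vm/utilities/ostream.cpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/vm/utilities/ostream.cpp Fri Apr 03 14:14:26 2020 +0100
@@ -344,15 +344,19 @@
 assert(rm == NULL || Thread::current()->current_resource_mark() == rm,
 "stringStream is re-allocated with a different ResourceMark");
 buffer = NEW_RESOURCE_ARRAY(char, end);
- strncpy(buffer, oldbuf, buffer_pos);
+ if (buffer_pos > 0) {
+ memcpy(buffer, oldbuf, buffer_pos);
+ }
 buffer_length = end;
 }
 }
 // invariant: buffer is always null-terminated
 guarantee(buffer_pos + write_len + 1 <= buffer_length, "stringStream oob");
- buffer[buffer_pos + write_len] = 0;
- strncpy(buffer + buffer_pos, s, write_len);
- buffer_pos += write_len;
+ if (write_len > 0) {
+ buffer[buffer_pos + write_len] = 0;
+ memcpy(buffer + buffer_pos, s, write_len);
+ buffer_pos += write_len;
+ }
 
 // Note that the following does not depend on write_len.
 // This means that position and count get updated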
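Review bot: The terminator store `buffer[buffer_pos + write_len] = 0;` now sits inside `if (write_len > 0)`, so a zero-length write no longer re-establishes the "buffer is always null-terminated" invariant stated in the comment just above; the old code stored the terminator unconditionally. Only the `memcpy` needs the guard, so the store can stay outside it: keep `buffer[buffer_pos + write_len] = 0;` before `if (write_len > 0) {`. This matters most right after the reallocation branch, where `memcpy(buffer, oldbuf, buffer_pos)` copies the contents but not the terminator. Whether that branch can be reached with `write_len == 0` is not visible in this hunk.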
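--- a/src/share/vm/utilities/vmError.cpp Mon Sep 23 20:26:18 2019 +0200
+++ b/src/share/vm/utilities/vmError.cpp Fri Apr 03 14:14:26 2020 +0100
@@ -455,14 +455,7 @@
 #else
 const char *file = _filename;
 #endif
- size_t len = strlen(file);
- size_t buflen = sizeof(buf);
-
- strncpy(buf, file, buflen);
- if (len + 10 < buflen) {
- sprintf(buf + len, ":%d", _lineno);
- }
- st->print(" (%s)", buf);
+ st->print(" (%s:%d)", file, _lineno);
 } else {
 st->print(" (0x%x)", _id);
 }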