Thu, 13 Feb 2014 11:28:17 -0500
8030763: Validate global memory allocation
Summary: Add length checks where necessary
Reviewed-by: coleenp, mschoene
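--- a/src/os/bsd/vm/os_bsd.cpp
+++ b/src/os/bsd/vm/os_bsd.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1115,10 +1115,6 @@
 ::abort();
 }
 
-// unused on bsd for now.
-void os::set_error_file(const char *logfile) {}
-
-
 // This method is a copy of JDK's sysGetLastErrorString
 // from src/solaris/hpi/src/system_md.c
 
@@ -1808,6 +1804,7 @@
 // determine if this is a legacy image or modules image
 // modules image doesn't have "jre" subdirectory
 len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
 jrelib_p = buf + len;
 
 // Add the appropriate library subdir
@@ -1841,7 +1838,7 @@
 }
 }
 
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 void os::print_jni_name_prefix_on(outputStream* st, int args_size) {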
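Review bot: The new `strncpy(saved_jvm_path, buf, MAXPATHLEN);` in the last hunk leaves `saved_jvm_path` without a terminating NUL whenever `buf` holds MAXPATHLEN or more characters, because strncpy does not terminate on truncation. The declaration of `saved_jvm_path` is outside the hunk, so its size is assumed here to be MAXPATHLEN; if that holds, follow the copy with `saved_jvm_path[MAXPATHLEN - 1] = '\0';`, the same way this change terminates `_last_method_compiled` in compileBroker.cpp. The identical copy is added in os_linux.cpp and os_solaris.cpp, and in os_windows.cpp with MAX_PATH, and needs the same line there. The enclosing function starts outside the hunk.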
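--- a/src/os/linux/vm/os_linux.cpp
+++ b/src/os/linux/vm/os_linux.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1572,9 +1572,6 @@
 ::abort();
 }
 
-// unused on linux for now.
-void os::set_error_file(const char *logfile) {}
-
 
 // This method is a copy of JDK's sysGetLastErrorString
 // from src/solaris/hpi/src/system_md.c
@@ -2399,6 +2396,7 @@
 // determine if this is a legacy image or modules image
 // modules image doesn't have "jre" subdirectory
 len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer room");
 jrelib_p = buf + len;
 snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
 if (0 != access(buf, F_OK)) {
@@ -2419,7 +2417,7 @@
 }
 }
 
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 void os::print_jni_name_prefix_on(outputStream* st, int args_size) {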
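Review bot: The added `assert(len < buflen, "Ran out of buffer room");` is the only guard in front of `snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);`, and HotSpot's `assert` is compiled out of product builds, so release binaries get no length check here. If `len` could ever reach `buflen`, `buflen-len` becomes zero or negative before it is converted to snprintf's size argument; a runtime test `if (len >= buflen)` with an explicit failure path would hold in every build, though the right failure action depends on the enclosing function, which starts outside the hunk. The same assert is added in os_bsd.cpp and os_solaris.cpp with the message "Ran out of buffer space"; one wording across the three files would make the failure easier to search for.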
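--- a/src/os/solaris/vm/os_solaris.cpp
+++ b/src/os/solaris/vm/os_solaris.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1788,9 +1788,6 @@
 ::abort(); // dump core (for debugging)
 }
 
-// unused
-void os::set_error_file(const char *logfile) {}
-
 // DLL functions
 
 const char* os::dll_file_extension() { return ".so"; }
@@ -2474,6 +2471,7 @@
 // determine if this is a legacy image or modules image
 // modules image doesn't have "jre" subdirectory
 len = strlen(buf);
+ assert(len < buflen, "Ran out of buffer space");
 jrelib_p = buf + len;
 snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch);
 if (0 != access(buf, F_OK)) {
@@ -2492,7 +2490,7 @@
 }
 }
 
- strcpy(saved_jvm_path, buf);
+ strncpy(saved_jvm_path, buf, MAXPATHLEN);
 }
 
 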
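--- a/src/os/windows/vm/os_windows.cpp
+++ b/src/os/windows/vm/os_windows.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1819,7 +1819,8 @@
 // libjvm.so is installed there (append a fake suffix
 // hotspot/libjvm.so).
 char* java_home_var = ::getenv("JAVA_HOME");
- if (java_home_var != NULL && java_home_var[0] != 0) {
+ if (java_home_var != NULL && java_home_var[0] != 0 &&
+ strlen(java_home_var) < (size_t)buflen) {
 
 strncpy(buf, java_home_var, buflen);
 
@@ -1837,9 +1838,9 @@
 }
 
 if(buf[0] == '\0') {
- GetModuleFileName(vm_lib_handle, buf, buflen);
- }
- strcpy(saved_jvm_path, buf);
+ GetModuleFileName(vm_lib_handle, buf, buflen);
+ }
+ strncpy(saved_jvm_path, buf, MAX_PATH);
 }
 
 
@@ -2290,19 +2291,8 @@
 }
 
 */
-#endif //_WIN64
-
-
-// Fatal error reporting is single threaded so we can make this a
-// static and preallocated. If it's more than MAX_PATH silently ignore
-// it.
-static char saved_error_file[MAX_PATH] = {0};
-
-void os::set_error_file(const char *logfile) {
- if (strlen(logfile) <= MAX_PATH) {
- strncpy(saved_error_file, logfile, MAX_PATH);
- }
-}
+#endif // _WIN64
+
 
 static inline void report_error(Thread* t, DWORD exception_code,
 address addr, void* siginfo, void* context) {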
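Review bot: The added `strlen(java_home_var) < (size_t)buflen` test bounds only the JAVA_HOME value itself, so a value of `buflen - 1` characters passes and the following `strncpy(buf, java_home_var, buflen);` fills `buf` up to its terminator. The comment just above the hunk says a suffix is appended afterwards, and that code lies outside the hunk, so it should be confirmed that each append is limited to the space remaining in `buf`. JAVA_HOME comes from the process environment, so its length is not under the VM's control. Reserving room in the check itself, by comparing against `buflen` minus the longest suffix that can be appended, would make the bound explicit at the point where the input is accepted.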
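--- a/src/share/vm/compiler/compileBroker.cpp
+++ b/src/share/vm/compiler/compileBroker.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -2089,6 +2089,7 @@
 ResourceMark rm;
 char* method_name = method->name()->as_C_string();
 strncpy(_last_method_compiled, method_name, CompileBroker::name_buffer_length);
+ _last_method_compiled[CompileBroker::name_buffer_length - 1] = '\0'; // ensure null terminated
 char current_method[CompilerCounters::cmname_buffer_length];
 size_t maxLen = CompilerCounters::cmname_buffer_length;
 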
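--- a/src/share/vm/runtime/os.hpp
+++ b/src/share/vm/runtime/os.hpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -470,9 +470,6 @@
 // run cmd in a separate process and return its exit code; or -1 on failures
 static int fork_and_exec(char *cmd);
 
- // Set file to send error reports.
- static void set_error_file(const char *logfile);
-
 // os::exit() is merged with vm_exit()
 // static void exit(int num);
 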
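--- a/src/share/vm/utilities/vmError.cpp
+++ b/src/share/vm/utilities/vmError.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -975,7 +975,6 @@
 if (fd != -1) {
 out.print_raw("# An error report file with more information is saved as:\n# ");
 out.print_raw_cr(buffer);
- os::set_error_file(buffer);
 
 log.set_fd(fd);
 } else {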