Skip to content
Permalink
Browse files
8268894: forged ASTs can provoke an AIOOBE at com.sun.tools.javac.jvm…
….ClassWriter::writePosition

Reviewed-by: vromero
  • Loading branch information
lgxbslgx committed Aug 29, 2021
1 parent 1fb798d commit a9188f237ec23d4ca2a172e9a7897cb6e2b69857
@@ -297,7 +297,6 @@ public boolean matchesPos(int pos) {

public void updatePosOffset(int to) {
offset = to;
lvarOffset = new int[]{to};
isValidOffset = true;
}

@@ -0,0 +1,86 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

import com.sun.source.tree.MethodTree;
import com.sun.source.tree.Tree;
import com.sun.source.util.TreeScanner;
import com.sun.source.util.Trees;
import com.sun.tools.javac.tree.JCTree;
import com.sun.tools.javac.tree.JCTree.*;

import javax.annotation.processing.*;
import javax.lang.model.SourceVersion;
import javax.lang.model.element.Element;
import javax.lang.model.element.ExecutableElement;
import javax.lang.model.element.TypeElement;
import javax.lang.model.util.ElementFilter;
import java.util.Set;

@SupportedAnnotationTypes("*")
public class TypeAnnotationPositionProcessor extends AbstractProcessor {
private Trees trees;
private boolean processed = false;

@Override
public void init(ProcessingEnvironment pe) {
super.init(pe);
trees = Trees.instance(pe);
}

@Override
public boolean process(Set<? extends TypeElement> annotations, RoundEnvironment roundEnv) {
if (processed) {
return false;
} else {
processed = true;
}
Set<? extends Element> elements = roundEnv.getRootElements();
TypeElement typeElement = null;
for (TypeElement te : ElementFilter.typesIn(elements)) {
if ("TypeAnnotationPositionTest".equals(te.getSimpleName().toString())) {
typeElement = te;
break;
}
}
for (ExecutableElement m : ElementFilter.methodsIn(typeElement.getEnclosedElements())) {
if ("test".equals(m.getSimpleName().toString())) {
MethodTree methodTree = trees.getTree(m);
new PositionVisitor().scan(methodTree, ((JCMethodDecl) methodTree).pos);
}
}
return false;
}

private static class PositionVisitor extends TreeScanner<Void, Integer> {
@Override
public Void scan(Tree tree, Integer p) {
if (tree != null) ((JCTree) tree).pos = p;
return super.scan(tree, p);
}
}

@Override
public SourceVersion getSupportedSourceVersion() {
return SourceVersion.latest();
}
}
@@ -0,0 +1,47 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8268894
* @summary Updating the type annotation position offset causes ArrayIndexOutOfBoundsException in ClassWriter
* @modules jdk.compiler/com.sun.tools.javac.tree
* @compile TypeAnnotationPositionProcessor.java
* @compile -processor TypeAnnotationPositionProcessor TypeAnnotationPositionTest.java
*/

import java.lang.annotation.ElementType;
import java.lang.annotation.Target;

public class TypeAnnotationPositionTest {
TypeAnnotationPositionTest(char @MyTest [] bar) { }

@Target({ElementType.TYPE_USE})
@interface MyTest {
}

TypeAnnotationPositionTest test() {
char @MyTest [] val = new char[]{'1'};
return new TypeAnnotationPositionTest(val);
}
}

3 comments on commit a9188f2

@openjdk-notifier

This comment has been minimized.

Copy link

@openjdk-notifier openjdk-notifier bot replied Aug 29, 2021

@lgxbslgx

This comment has been minimized.

Copy link
Member Author

@lgxbslgx lgxbslgx replied Sep 28, 2021

/backport jdk17u

@openjdk

This comment has been minimized.

Copy link

@openjdk openjdk bot replied Sep 28, 2021

@lgxbslgx the backport was successfully created on the branch lgxbslgx-backport-a9188f23 in my personal fork of openjdk/jdk17u. To create a pull request with this backport targeting openjdk/jdk17u:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

this pull request contains a backport of commit a9188f23 from the openjdk/jdk repository.

The commit being backported was authored by Guoxiong Li on 29 Aug 2021 and was reviewed by Vicente Romero.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u:

$ git fetch https://github.com/openjdk-bots/jdk17u lgxbslgx-backport-a9188f23:lgxbslgx-backport-a9188f23
$ git checkout lgxbslgx-backport-a9188f23
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u lgxbslgx-backport-a9188f23
Please sign in to comment.