8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf #21867

Closed
wants to merge 3 commits into from

@dholmes-ora dholmes-ora commented Nov 4, 2024

This is mostly an audit of the callers of Exceptions::fthrow to ensure unbounded strings can't appear.

There is a code change in DiagnosticCmd parsing to extend the string length limit already used in part of that code.

Just to clarify the issue. The size 1024 is an internal buffer limit that fthrow uses - it is an implementation detail and not something the caller should think about. It is also not relevant to the underlying problem, which is the size of the buffer needed for the fully expanded format string, which os::vsnprintf will try to calculate and report. The intent is to check callers can't hit that underlying vsnprintf INT_MAX limit. When your format string only deals with a few symbols and symbols are always < 64K then we know we are nowhere near that INT_MAX limit. If your format string can take a potentially arbitrary (usually from outside) string then it needs to put its own size guard in place using %*s.

Testing:

  • tier 1-3 (sanity)

Thanks


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf (Sub-task - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21867/head:pull/21867
$ git checkout pull/21867

Update a local copy of the PR:
$ git checkout pull/21867
$ git pull https://git.openjdk.org/jdk.git pull/21867/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 21867

View PR using the GUI difftool:
$ git pr show -t 21867

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21867.diff

Using Webrev

Link to Webrev Comment
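
The size guard described in the PR description above, as an added example that is not code from this PR or from HotSpot: a constructed helper with a fixed internal buffer shows that `vsnprintf` reports the fully expanded length as an `int`, and that a precision on the string conversion caps that length. The helper names, the message text, the 256-character cap and the use of the standard C `%.*s` precision form are assumptions.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Constructed stand-in for a throw helper with a fixed internal buffer.
// Not HotSpot code: names, sizes and message text are assumptions.
static const size_t kInternalBuf = 1024;
static const int    kMaxArgLen   = 256;  // hypothetical caller-side cap

// Formats into a fixed buffer and returns what vsnprintf reports: the
// length of the fully expanded string (an int, hence the INT_MAX ceiling),
// or a negative value on error. The buffer size does not limit this value.
static int format_fixed(char* out, size_t outlen, const char* fmt, ...) {
  va_list ap;
  va_start(ap, fmt);
  int needed = vsnprintf(out, outlen, fmt, ap);
  va_end(ap);
  return needed;
}

// Unguarded caller: the expanded length grows with the external string.
int report_unbounded(const std::string& external) {
  char buf[kInternalBuf];
  return format_fixed(buf, sizeof(buf),
                      "Unknown argument '%s' in command.", external.c_str());
}

// Guarded caller: the precision given for %.*s caps how many characters of
// the argument are expanded, so the total length has a fixed upper bound.
int report_bounded(const std::string& external) {
  char buf[kInternalBuf];
  return format_fixed(buf, sizeof(buf),
                      "Unknown argument '%.*s' in command.",
                      kMaxArgLen, external.c_str());
}

int main() {
  std::string big(100000, 'A');  // constructed oversized input
  printf("unbounded reports %d, bounded reports %d\n",
         report_unbounded(big), report_bounded(big));
  return 0;
}
```

The 1024-byte buffer truncates the stored text in both callers; only the guarded one keeps the length that `vsnprintf` has to compute independent of the input size.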

…e lengths avoid the INT_MAX limits of os::vsnprintf

bridgekeeper bot commented Nov 4, 2024

👋 Welcome back dholmes! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.


openjdk bot commented Nov 4, 2024

@dholmes-ora This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf

Reviewed-by: coleenp, jsjolen

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 114 new commits pushed to the master branch:

  • df2d4c1: 8344898: SM cleanup of java.base sun/util calendar, locale, cldr, and resources
  • 4d898aa: 8344896: Remove obsolete checks for AWTPermission accessClipboard
  • 08dfc4a: 8344213: Cleanup OpaqueLoop*Node verification code for Assertion Predicates
  • 593a589: 8344319: SM cleanup in jdk.dynalink module
  • 15ae8d0: 8319993: Update Unicode Data Files to 16.0.0
  • a032de2: 8344577: Virtual thread tests are timing out on some macOS systems
  • 4110d39: 8344865: SM cleanup in sun/reflect/annotation
  • 1334191: 8334474: RISC-V: verify perf of ExpandBits/CompressBits (rvv)
  • e29b0ed: 8344181: Remove SecurityManager and related calls from jdk.management and jdk.management.agent
  • cb1c736: 8344363: FullGCForwarding::initialize_flags is called after ObjLayout::initialize
  • ... and 104 more: https://git.openjdk.org/jdk/compare/f525290000bf8583617047aaeb894bf90332d2e9...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the rfr Pull request is ready for review label Nov 4, 2024

openjdk bot commented Nov 4, 2024

@dholmes-ora The following labels will be automatically applied to this pull request:

  • hotspot
  • serviceability

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added serviceability serviceability-dev@openjdk.org hotspot hotspot-dev@openjdk.org labels Nov 4, 2024

mlbridge bot commented Nov 4, 2024

Webrevs

Contributor

@coleenp coleenp left a comment

Okay, I understand the change now. Looks good.

@@ -323,6 +323,9 @@ void LinkResolver::check_klass_accessibility(Klass* ref_klass, Klass* sel_klass,
char* msg = Reflection::verify_class_access_msg(ref_klass,
InstanceKlass::cast(base_klass),
vca_result);

// Names are all known to be < 64k so we know this formatted message is not excessively large.
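
Review bot: The added comment after the verify_class_access_msg call says "Names are all known to be < 64k" without saying which names it means or that the bound also covers msg, which is built from them just above. Consider naming the source of the limit, for example "Class name symbols are < 64K, so msg and the formatted message are bounded", so a later reader can tell what keeps the message length small if the inputs ever change.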

Contributor

Can you move this comment to before the first fthrow call at 331? The other fthrow has a msg so doesn't really apply and the comment looks better as just one line like the other places.

Member Author

The comment still applies to the msg created by:

char* msg = Reflection::verify_class_access_msg(ref_klass,
                                                    InstanceKlass::cast(base_klass),
                                                    vca_result);

which is also known to be limited by class name symbol lengths. That is why I placed the comment prior to both fthrow calls.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Nov 19, 2024
@dholmes-ora
Member Author

Thanks for the review @coleenp . I will re-merge and re-test then seek second review.

Contributor

@jdksjolen jdksjolen left a comment

OK, LGTM

@dholmes-ora
Member Author

Thanks for the review @jdksjolen !

/integrate


openjdk bot commented Nov 25, 2024

Going to push as commit 8de158a.
Since your change was applied there have been 114 commits pushed to the master branch:

  • df2d4c1: 8344898: SM cleanup of java.base sun/util calendar, locale, cldr, and resources
  • 4d898aa: 8344896: Remove obsolete checks for AWTPermission accessClipboard
  • 08dfc4a: 8344213: Cleanup OpaqueLoop*Node verification code for Assertion Predicates
  • 593a589: 8344319: SM cleanup in jdk.dynalink module
  • 15ae8d0: 8319993: Update Unicode Data Files to 16.0.0
  • a032de2: 8344577: Virtual thread tests are timing out on some macOS systems
  • 4110d39: 8344865: SM cleanup in sun/reflect/annotation
  • 1334191: 8334474: RISC-V: verify perf of ExpandBits/CompressBits (rvv)
  • e29b0ed: 8344181: Remove SecurityManager and related calls from jdk.management and jdk.management.agent
  • cb1c736: 8344363: FullGCForwarding::initialize_flags is called after ObjLayout::initialize
  • ... and 104 more: https://git.openjdk.org/jdk/compare/f525290000bf8583617047aaeb894bf90332d2e9...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Nov 25, 2024
@openjdk openjdk bot closed this Nov 25, 2024
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Nov 25, 2024

openjdk bot commented Nov 25, 2024

@dholmes-ora Pushed as commit 8de158a.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@dholmes-ora dholmes-ora deleted the 8339134-fthrow branch November 25, 2024 20:21
Labels
hotspot hotspot-dev@openjdk.org integrated Pull request has been integrated serviceability serviceability-dev@openjdk.org
3 participants