JDK-8262472: Buffer overflow in UNICODE::as_utf8 for zero length output buffer #2753

Closed
wants to merge 2 commits into from

Member

@tstuefe tstuefe commented Feb 26, 2021

This one is trivial and probably inconsequential, but let's fix it anyway.

There is a buffer overflow in both variants of UNICODE::as_utf8, where in case of truncation due to a zero length output buffer the terminating zero still gets written.

Added fix + gtest. Ran gtest.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8262472: Buffer overflow in UNICODE::as_utf8 for zero length output buffer

Reviewers

Download

$ git fetch https://git.openjdk.java.net/jdk pull/2753/head:pull/2753
$ git checkout pull/2753


@bridgekeeper bridgekeeper bot commented Feb 26, 2021

👋 Welcome back stuefe! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@tstuefe tstuefe force-pushed the JDK-8262472-overflow-utf8 branch from b8b7042 to 598212e Feb 26, 2021

@openjdk openjdk bot commented Feb 26, 2021

@tstuefe The following label will be automatically applied to this pull request:

  • hotspot

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the hotspot label Feb 26, 2021
@tstuefe tstuefe marked this pull request as ready for review Feb 26, 2021
@openjdk openjdk bot added the rfr label Feb 26, 2021

@mlbridge mlbridge bot commented Feb 26, 2021

Webrevs

Member

@dholmes-ora dholmes-ora commented Mar 1, 2021

Hi Thomas,

I'd rather treat passing a zero-length buffer as a programming error and assert the length is non-zero, rather than penalizing every correct call with an unnecessary precondition check.

Cheers,
David

Member Author

@tstuefe tstuefe commented Mar 1, 2021

> Hi Thomas,
>
> I'd rather treat passing a zero-length buffer as a programming error and assert the length is non-zero, rather than penalizing every correct call with an unnecessary precondition check.
>
> Cheers,
> David

Hi David,

okay, I changed it to an assert. I looked at the callers and think this should be okay, but I am not perfectly sure. Let's hope we hit all cases with our tests.

Cheers, Thomas
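
The overflow described in the PR and the two fixes discussed in the review, as an added example that is not the HotSpot source or the PR's own code: a simplified model of a truncating UTF-16 to UTF-8 conversion, run against a buffer followed by a canary byte. All function names and the sample text are assumptions made for illustration.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>

// Simplified model (BMP code units, plain UTF-8); all names here are hypothetical.
static int utf8_size(uint16_t c) { return c < 0x80 ? 1 : (c < 0x800 ? 2 : 3); }
static unsigned char* utf8_write(unsigned char* p, uint16_t c) {
  if (c < 0x80) { *p++ = (unsigned char)c; return p; }
  if (c < 0x800) { *p++ = (unsigned char)(0xC0 | (c >> 6)); }
  else { *p++ = (unsigned char)(0xE0 | (c >> 12)); *p++ = (unsigned char)(0x80 | ((c >> 6) & 0x3F)); }
  *p++ = (unsigned char)(0x80 | (c & 0x3F));
  return p;
}

// Truncating conversion with the flaw the PR describes.
char* as_utf8_unchecked(const uint16_t* s, int len, char* buf, int buflen) {
  unsigned char* p = (unsigned char*)buf;
  for (int i = 0; i < len; i++) {
    buflen -= utf8_size(s[i]);
    if (buflen <= 0) break;        // truncate, keeping one byte for the terminator
    p = utf8_write(p, s[i]);
  }
  *p = '\0';                       // buflen == 0: this is buf[0], one past the end
  return buf;
}

// First proposal: a precondition check paid on every call.
char* as_utf8_checked(const uint16_t* s, int len, char* buf, int buflen) {
  return buflen <= 0 ? buf : as_utf8_unchecked(s, len, buf, buflen);
}

// Reviewed outcome: a zero-length buffer is a caller bug, caught by an assert.
char* as_utf8_asserted(const uint16_t* s, int len, char* buf, int buflen) {
  assert(buflen > 0 && "zero length output buffer");
  return as_utf8_unchecked(s, len, buf, buflen);
}

// Gives fn `buflen` usable bytes followed by a canary; true if the canary was overwritten.
bool clobbers_canary(char* (*fn)(const uint16_t*, int, char*, int), int buflen) {
  static const uint16_t text[] = { 'a', 0x00E9, 0x20AC };  // constructed sample: a, é, €
  char backing[16];
  std::memset(backing, 0x7F, sizeof backing);
  fn(text, 3, backing, buflen);
  return backing[buflen] != 0x7F;
}

int main() {  // exit status 0: the unchecked form clobbers the canary, the checked form does not
  return (clobbers_canary(as_utf8_unchecked, 0) && !clobbers_canary(as_utf8_checked, 0)) ? 0 : 1;
}
```

The assert variant only protects builds where assertions are compiled in, which is the trade-off raised in the review: correct callers pay nothing, and a zero-length call has to be caught by tests.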

Member

@dholmes-ora dholmes-ora left a comment

Fine by me.

Thanks,
David


@openjdk openjdk bot commented Mar 1, 2021

@tstuefe This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8262472: Buffer overflow in UNICODE::as_utf8 for zero length output buffer

Reviewed-by: dholmes, iklam

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 24 new commits pushed to the master branch:

  • 642f45f: 8261839: Error creating runtime package on macos without mac-package-identifier
  • 682e120: 8262497: Delete unused utility methods in ICC_Profile class
  • 4c9adce: 8262379: Add regression test for JDK-8257746
  • 6baecf3: 8259937: guarantee(loc != NULL) failed: missing saved register with native invoker
  • c569f1d: 8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
  • 75bf106: 8262028: Make InstanceKlass::implementor return InstanceKlass
  • fe8e370: 8262188: Add test to verify trace page sizes logging on Linux
  • 0a7fff4: 8261636: The test mapping in hugetlbfs_sanity_check should consider LargePageSizeInBytes
  • 702ca62: 8262185: G1: Prune collection set candidates early
  • 8bc8542: 8262195: Harden tests that use the HostsFileNameService (jdk.net.hosts.file property)
  • ... and 14 more: https://git.openjdk.java.net/jdk/compare/240f2a1bb7c982f7bda15c62abe2313d87654ed5...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready label Mar 1, 2021
iklam approved these changes Mar 1, 2021
Member

@iklam iklam left a comment

LGTM

Member Author

@tstuefe tstuefe commented Mar 2, 2021

Thanks Ioi and David!

/integrate

@openjdk openjdk bot closed this Mar 2, 2021
@openjdk openjdk bot added integrated and removed ready rfr labels Mar 2, 2021

@openjdk openjdk bot commented Mar 2, 2021

@tstuefe Since your change was applied there have been 30 commits pushed to the master branch:

  • 6635d7a: 8261670: Add javadoc for the XML processing limits
  • 85b774a: 8255859: Incorrect comments in log.hpp
  • c3eb80e: 8262500: HostName entry in VM.info should be a new line
  • 9f0f0c9: 8260933: runtime/cds/serviceability/ReplaceCriticalClassesForSubgraphs.java fails without CompactStrings
  • d339832: 8257414: Drag n Drop target area is wrong on high DPI systems
  • 353416f: 8262509: JSSE Server should check the legacy version in TLSv1.3 ClientHello
  • 642f45f: 8261839: Error creating runtime package on macos without mac-package-identifier
  • 682e120: 8262497: Delete unused utility methods in ICC_Profile class
  • 4c9adce: 8262379: Add regression test for JDK-8257746
  • 6baecf3: 8259937: guarantee(loc != NULL) failed: missing saved register with native invoker
  • ... and 20 more: https://git.openjdk.java.net/jdk/compare/240f2a1bb7c982f7bda15c62abe2313d87654ed5...master

Your commit was automatically rebased without conflicts.

Pushed as commit f5ab7f6.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@tstuefe tstuefe deleted the JDK-8262472-overflow-utf8 branch Mar 6, 2021