8255566: Add size validation when parsing values from VersionProps
Reviewed-by: rehn, iklam
David Holmes committed May 4, 2021
1 parent 61365d5 commit d2827994f8a55f5af300baeb1e588ee140f4e78f
Showing with 23 additions and 32 deletions.
  1. +6 −5 src/hotspot/share/runtime/java.hpp
  2. +17 −27 src/hotspot/share/runtime/thread.cpp
@@ -25,6 +25,7 @@
#ifndef SHARE_RUNTIME_JAVA_HPP
#define SHARE_RUNTIME_JAVA_HPP

#include "runtime/os.hpp"
#include "utilities/globalDefinitions.hpp"

class Handle;
@@ -140,35 +141,35 @@ class JDK_Version {
return _java_version;
}
static void set_java_version(const char* version) {
_java_version = version;
_java_version = os::strdup(version);
}

static const char* runtime_name() {
return _runtime_name;
}
static void set_runtime_name(const char* name) {
_runtime_name = name;
_runtime_name = os::strdup(name);
}

static const char* runtime_version() {
return _runtime_version;
}
static void set_runtime_version(const char* version) {
_runtime_version = version;
_runtime_version = os::strdup(version);
}

static const char* runtime_vendor_version() {
return _runtime_vendor_version;
}
static void set_runtime_vendor_version(const char* vendor_version) {
_runtime_vendor_version = vendor_version;
_runtime_vendor_version = os::strdup(vendor_version);
}

static const char* runtime_vendor_vm_bug_url() {
return _runtime_vendor_vm_bug_url;
}
static void set_runtime_vendor_vm_bug_url(const char* vendor_vm_bug_url) {
_runtime_vendor_vm_bug_url = vendor_vm_bug_url;
_runtime_vendor_vm_bug_url = os::strdup(vendor_vm_bug_url);
}

};
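Review bot: All five setters now pass their argument straight to `os::strdup`, but the caller in thread.cpp hands them the result of `get_java_version_info`, which returns NULL when the field is not found or the string oop is null. The definition of `os::strdup` is not shown here; if it does not tolerate a NULL argument, a missing VersionProps field would crash VM startup, where the old pointer assignment simply left the member NULL. A guard such as `_java_version = (version != NULL) ? os::strdup(version) : NULL;` in each setter keeps the old behaviour. The copy's result is also unchecked, so an allocation failure silently stores NULL; `os::strdup_check_oom` would make that failure explicit. A second call to any setter would leak the earlier copy, so a one-line comment stating that each is called once during initialization would help.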
@@ -781,17 +781,12 @@ static void create_initial_thread(Handle thread_group, JavaThread* thread,
JavaThreadStatus::RUNNABLE);
}

static char java_version[64] = "";
static char java_runtime_name[128] = "";
static char java_runtime_version[128] = "";
static char java_runtime_vendor_version[128] = "";
static char java_runtime_vendor_vm_bug_url[128] = "";

// Extract version and vendor specific information.
// Extract version and vendor specific information from
// java.lang.VersionProps fields.
// Returned char* is allocated in the thread's resource area
// so must be copied for permanency.
static const char* get_java_version_info(InstanceKlass* ik,
Symbol* field_name,
char* buffer,
int buffer_size) {
Symbol* field_name) {
fieldDescriptor fd;
bool found = ik != NULL &&
ik->find_local_field(field_name,
@@ -801,9 +796,7 @@ static const char* get_java_version_info(InstanceKlass* ik,
if (name_oop == NULL) {
return NULL;
}
const char* name = java_lang_String::as_utf8_string(name_oop,
buffer,
buffer_size);
const char* name = java_lang_String::as_utf8_string(name_oop);
return name;
} else {
return NULL;
@@ -2664,26 +2657,23 @@ void Threads::initialize_java_lang_classes(JavaThread* main_thread, TRAPS) {
// Phase 1 of the system initialization in the library, java.lang.System class initialization
call_initPhase1(CHECK);

// get the Java runtime name, version, and vendor info after java.lang.System is initialized
// Get the Java runtime name, version, and vendor info after java.lang.System is initialized.
// Some values are actually configure-time constants but some can be set via the jlink tool and
// so must be read dynamically. We treat them all the same.
InstanceKlass* ik = SystemDictionary::find_instance_klass(vmSymbols::java_lang_VersionProps(),
Handle(), Handle());
{
ResourceMark rm(main_thread);
JDK_Version::set_java_version(get_java_version_info(ik, vmSymbols::java_version_name()));

JDK_Version::set_java_version(get_java_version_info(ik, vmSymbols::java_version_name(),
java_version, sizeof(java_version)));

JDK_Version::set_runtime_name(get_java_version_info(ik, vmSymbols::java_runtime_name_name(),
java_runtime_name, sizeof(java_runtime_name)));
JDK_Version::set_runtime_name(get_java_version_info(ik, vmSymbols::java_runtime_name_name()));

JDK_Version::set_runtime_version(get_java_version_info(ik, vmSymbols::java_runtime_version_name(),
java_runtime_version, sizeof(java_runtime_version)));
JDK_Version::set_runtime_version(get_java_version_info(ik, vmSymbols::java_runtime_version_name()));

JDK_Version::set_runtime_vendor_version(get_java_version_info(ik, vmSymbols::java_runtime_vendor_version_name(),
java_runtime_vendor_version,
sizeof(java_runtime_vendor_version)));
JDK_Version::set_runtime_vendor_version(get_java_version_info(ik, vmSymbols::java_runtime_vendor_version_name()));

JDK_Version::set_runtime_vendor_vm_bug_url(get_java_version_info(ik, vmSymbols::java_runtime_vendor_vm_bug_url_name(),
java_runtime_vendor_vm_bug_url,
sizeof(java_runtime_vendor_vm_bug_url)));
JDK_Version::set_runtime_vendor_vm_bug_url(get_java_version_info(ik, vmSymbols::java_runtime_vendor_vm_bug_url_name()));
}

// an instance of OutOfMemory exception has been allocated earlier
initialize_class(vmSymbols::java_lang_OutOfMemoryError(), CHECK);
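Review bot: The strings read from VersionProps are no longer capped in length now that the fixed 64/128-byte buffers are gone, and the new call-site comment notes that some of them can be set via jlink. Any consumer of `JDK_Version::java_version()` or the four `runtime_*` accessors that formats the value into a fixed-size buffer (none are visible in these hunks) now has to bound that copy itself. I would record this at the helper, e.g. `// The returned string has no length limit; callers must not assume it fits a fixed buffer.`, or reject over-long values before they are stored. Both `get_java_version_info` and `initialize_java_lang_classes` extend beyond the lines shown.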
