提交 0dea742a 编写于 作者: P poonam

8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0...

8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
Summary: Detect zero length signatures and throw ClassFormatError before bad dereference occurs
Reviewed-by: hseigel
上级 ba01cd97
...@@ -537,6 +537,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) { ...@@ -537,6 +537,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) {
int name_index = cp->name_ref_index_at(index); int name_index = cp->name_ref_index_at(index);
Symbol* name = cp->symbol_at(name_index); Symbol* name = cp->symbol_at(name_index);
Symbol* sig = cp->symbol_at(sig_index); Symbol* sig = cp->symbol_at(sig_index);
guarantee_property(sig->utf8_length() != 0,
"Illegal zero length constant pool entry at %d in class %s",
sig_index, CHECK_(nullHandle));
if (sig->byte_at(0) == JVM_SIGNATURE_FUNC) { if (sig->byte_at(0) == JVM_SIGNATURE_FUNC) {
verify_legal_method_signature(name, sig, CHECK_(nullHandle)); verify_legal_method_signature(name, sig, CHECK_(nullHandle));
} else { } else {
...@@ -560,8 +563,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) { ...@@ -560,8 +563,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) {
verify_legal_field_name(name, CHECK_(nullHandle)); verify_legal_field_name(name, CHECK_(nullHandle));
if (_need_verify && _major_version >= JAVA_7_VERSION) { if (_need_verify && _major_version >= JAVA_7_VERSION) {
// Signature is verified above, when iterating NameAndType_info. // Signature is verified above, when iterating NameAndType_info.
// Need only to be sure it's the right type. // Need only to be sure it's non-zero length and the right type.
if (signature->byte_at(0) == JVM_SIGNATURE_FUNC) { if (signature->utf8_length() == 0 ||
signature->byte_at(0) == JVM_SIGNATURE_FUNC) {
throwIllegalSignature( throwIllegalSignature(
"Field", name, signature, CHECK_(nullHandle)); "Field", name, signature, CHECK_(nullHandle));
} }
...@@ -572,8 +576,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) { ...@@ -572,8 +576,9 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) {
verify_legal_method_name(name, CHECK_(nullHandle)); verify_legal_method_name(name, CHECK_(nullHandle));
if (_need_verify && _major_version >= JAVA_7_VERSION) { if (_need_verify && _major_version >= JAVA_7_VERSION) {
// Signature is verified above, when iterating NameAndType_info. // Signature is verified above, when iterating NameAndType_info.
// Need only to be sure it's the right type. // Need only to be sure it's non-zero length and the right type.
if (signature->byte_at(0) != JVM_SIGNATURE_FUNC) { if (signature->utf8_length() == 0 ||
signature->byte_at(0) != JVM_SIGNATURE_FUNC) {
throwIllegalSignature( throwIllegalSignature(
"Method", name, signature, CHECK_(nullHandle)); "Method", name, signature, CHECK_(nullHandle));
} }
...@@ -584,8 +589,7 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) { ...@@ -584,8 +589,7 @@ constantPoolHandle ClassFileParser::parse_constant_pool(TRAPS) {
// 4509014: If a class method name begins with '<', it must be "<init>". // 4509014: If a class method name begins with '<', it must be "<init>".
assert(name != NULL, "method name in constant pool is null"); assert(name != NULL, "method name in constant pool is null");
unsigned int name_len = name->utf8_length(); unsigned int name_len = name->utf8_length();
assert(name_len > 0, "bad method name"); // already verified as legal name if (name_len != 0 && name->byte_at(0) == '<') {
if (name->byte_at(0) == '<') {
if (name != vmSymbols::object_initializer_name()) { if (name != vmSymbols::object_initializer_name()) {
classfile_parse_error( classfile_parse_error(
"Bad method name at constant pool index %u in class file %s", "Bad method name at constant pool index %u in class file %s",
......
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*
*/
/*
* @test
* @bug 8042660
* @summary Constant pool NameAndType entries must point to non-zero length Utf8 strings
* @compile emptySigUtf8.jcod
* @compile emptyNameUtf8.jcod
* @run main/othervm -Xverify:all BadNameAndType
*/
// Test that a constant pool NameAndType descriptor_index and/or name_index
// that points to a zero length Utf8 string causes a ClassFormatError.
public class BadNameAndType {
public static void main(String args[]) throws Throwable {
System.out.println("Regression test for bug 8042660");
// Test descriptor_index pointing to zero-length string.
try {
Class newClass = Class.forName("emptySigUtf8");
throw new RuntimeException("Expected ClassFormatError exception not thrown");
} catch (java.lang.ClassFormatError e) {
System.out.println("Test BadNameAndType passed test case emptySigUtf8");
}
// Test name_index pointing to zero-length string.
try {
Class newClass = Class.forName("emptyNameUtf8");
throw new RuntimeException("Expected ClassFormatError exception not thrown");
} catch (java.lang.ClassFormatError e) {
System.out.println("Test BadNameAndType passed test case emptyNameUtf8");
}
}
}
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*
*/
// This class has an illegal NameAndType at constant pool #4. It's illegal because
// the Utf8 that it points to at #27 is a zero length string which is not a valid
// name. Loading this class should cause a ClassFormatError exception.
class emptyNameUtf8 {
0xCAFEBABE;
0; // minor version
52; // version
[29] { // Constant Pool
; // first element is empty
Method #6 #15; // #1 at 0x0A
Field #16 #17; // #2 at 0x0F
String #18; // #3 at 0x14
NameAndType #27 #28; // #4 at 0x9F
class #21; // #5 at 0x1C
class #22; // #6 at 0x1F
Utf8 "<init>"; // #7 at 0x22
Utf8 "()V"; // #8 at 0x2B
Utf8 "Code"; // #9 at 0x2E
Utf8 "LineNumberTable"; // #10 at 0x35
Utf8 "main"; // #11 at 0x47
Utf8 "([Ljava/lang/String;)V"; // #12 at 0x4E
Utf8 "SourceFile"; // #13 at 0x67
Utf8 "emptyNameUtf8.java"; // #14 at 0x74
NameAndType #7 #8; // #15 at 0x81
class #23; // #16 at 0x86
NameAndType #24 #25; // #17 at 0x89
Utf8 "Hello World"; // #18 at 0x8E
class #26; // #19 at 0x9C
Method #19 #4; // #20 at 0x17
Utf8 "emptyNameUtf8"; // #21 at 0xA4
Utf8 "java/lang/Object"; // #22 at 0xAC
Utf8 "java/lang/System"; // #23 at 0xBF
Utf8 "out"; // #24 at 0xD2
Utf8 "Ljava/io/PrintStream;"; // #25 at 0xD8
Utf8 "java/io/PrintStream"; // #26 at 0xF0
Utf8 ""; // #27 at 0x0106
Utf8 "()V"; // #28 at 0x0110
} // Constant Pool
0x0021; // access
#5;// this_cpx
#6;// super_cpx
[0] { // Interfaces
} // Interfaces
[0] { // fields
} // fields
[2] { // methods
{ // Member at 0x0134
0x0001; // access
#7; // name_cpx
#8; // sig_cpx
[1] { // Attributes
Attr(#9, 29) { // Code at 0x013C
1; // max_stack
1; // max_locals
Bytes[5]{
0x2AB70001B1;
};
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#10, 6) { // LineNumberTable at 0x0153
[1] { // LineNumberTable
0 2; // at 0x015F
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
} // Member
;
{ // Member at 0x015F
0x0009; // access
#11; // name_cpx
#12; // sig_cpx
[1] { // Attributes
Attr(#9, 37) { // Code at 0x0167
2; // max_stack
1; // max_locals
Bytes[9]{
0xB200021203B60004;
0xB1;
};
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#10, 10) { // LineNumberTable at 0x0182
[2] { // LineNumberTable
0 4; // at 0x018E
8 5; // at 0x0192
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
} // Member
} // methods
[1] { // Attributes
Attr(#13, 2) { // SourceFile at 0x0194
#14;
} // end SourceFile
} // Attributes
} // end class emptyNameUtf8
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*
*/
// This class has an illegal NameAndType at constant pool #4. It's illegal because
// the type that it points to at #28 is a zero length Utf8 string which is not a
// valid signature. Loading this class should cause a ClassFormatError exception.
class emptySigUtf8 {
0xCAFEBABE;
0; // minor version
52; // version
[29] { // Constant Pool
; // first element is empty
Method #6 #15; // #1 at 0x0A
Field #16 #17; // #2 at 0x0F
String #18; // #3 at 0x14
NameAndType #27 #28; // #4 at 0x9F
class #21; // #5 at 0x1C
class #22; // #6 at 0x1F
Utf8 "<init>"; // #7 at 0x22
Utf8 "()V"; // #8 at 0x2B
Utf8 "Code"; // #9 at 0x2E
Utf8 "LineNumberTable"; // #10 at 0x35
Utf8 "main"; // #11 at 0x47
Utf8 "([Ljava/lang/String;)V"; // #12 at 0x4E
Utf8 "SourceFile"; // #13 at 0x67
Utf8 "emptySigUtf8.java"; // #14 at 0x74
NameAndType #7 #8; // #15 at 0x81
class #23; // #16 at 0x86
NameAndType #24 #25; // #17 at 0x89
Utf8 "Hello World"; // #18 at 0x8E
class #26; // #19 at 0x9C
Method #19 #4; // #20 at 0x17
Utf8 "emptySigUtf8"; // #21 at 0xA4
Utf8 "java/lang/Object"; // #22 at 0xAC
Utf8 "java/lang/System"; // #23 at 0xBF
Utf8 "out"; // #24 at 0xD2
Utf8 "Ljava/io/PrintStream;"; // #25 at 0xD8
Utf8 "java/io/PrintStream"; // #26 at 0xF0
Utf8 "hi"; // #27 at 0x0106
Utf8 ""; // #28 at 0x0110
} // Constant Pool
0x0021; // access
#5;// this_cpx
#6;// super_cpx
[0] { // Interfaces
} // Interfaces
[0] { // fields
} // fields
[2] { // methods
{ // Member at 0x0134
0x0001; // access
#7; // name_cpx
#8; // sig_cpx
[1] { // Attributes
Attr(#9, 29) { // Code at 0x013C
1; // max_stack
1; // max_locals
Bytes[5]{
0x2AB70001B1;
};
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#10, 6) { // LineNumberTable at 0x0153
[1] { // LineNumberTable
0 2; // at 0x015F
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
} // Member
;
{ // Member at 0x015F
0x0009; // access
#11; // name_cpx
#12; // sig_cpx
[1] { // Attributes
Attr(#9, 37) { // Code at 0x0167
2; // max_stack
1; // max_locals
Bytes[9]{
0xB200021203B60004;
0xB1;
};
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#10, 10) { // LineNumberTable at 0x0182
[2] { // LineNumberTable
0 4; // at 0x018E
8 5; // at 0x0192
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
} // Member
} // methods
[1] { // Attributes
Attr(#13, 2) { // SourceFile at 0x0194
#14;
} // end SourceFile
} // Attributes
} // end class emptySigUtf8
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册