From e30df494a4e2144b383d880b9c95ee30c59fbe2e Mon Sep 17 00:00:00 2001 From: hseigel Date: Thu, 13 Feb 2014 11:28:17 -0500 Subject: [PATCH] 8030763: Validate global memory allocation Summary: Add length checks where necessary Reviewed-by: coleenp, mschoene --- src/os/bsd/vm/os_bsd.cpp | 9 +++------ src/os/linux/vm/os_linux.cpp | 8 +++----- src/os/solaris/vm/os_solaris.cpp | 8 +++----- src/os/windows/vm/os_windows.cpp | 22 ++++++---------------- src/share/vm/compiler/compileBroker.cpp | 3 ++- src/share/vm/runtime/os.hpp | 5 +---- src/share/vm/utilities/vmError.cpp | 3 +-- 7 files changed, 19 insertions(+), 39 deletions(-) diff --git a/src/os/bsd/vm/os_bsd.cpp b/src/os/bsd/vm/os_bsd.cpp index 1bea78444..38dbf8329 100644 --- a/src/os/bsd/vm/os_bsd.cpp +++ b/src/os/bsd/vm/os_bsd.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1115,10 +1115,6 @@ void os::die() { ::abort(); } -// unused on bsd for now. -void os::set_error_file(const char *logfile) {} - - // This method is a copy of JDK's sysGetLastErrorString // from src/solaris/hpi/src/system_md.c @@ -1808,6 +1804,7 @@ void os::jvm_path(char *buf, jint buflen) { // determine if this is a legacy image or modules image // modules image doesn't have "jre" subdirectory len = strlen(buf); + assert(len < buflen, "Ran out of buffer space"); jrelib_p = buf + len; // Add the appropriate library subdir @@ -1841,7 +1838,7 @@ void os::jvm_path(char *buf, jint buflen) { } } - strcpy(saved_jvm_path, buf); + strncpy(saved_jvm_path, buf, MAXPATHLEN); } void os::print_jni_name_prefix_on(outputStream* st, int args_size) { diff --git a/src/os/linux/vm/os_linux.cpp b/src/os/linux/vm/os_linux.cpp index 1bb329015..1e2c95be0 100644 --- a/src/os/linux/vm/os_linux.cpp +++ b/src/os/linux/vm/os_linux.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1572,9 +1572,6 @@ void os::die() { ::abort(); } -// unused on linux for now. -void os::set_error_file(const char *logfile) {} - // This method is a copy of JDK's sysGetLastErrorString // from src/solaris/hpi/src/system_md.c @@ -2399,6 +2396,7 @@ void os::jvm_path(char *buf, jint buflen) { // determine if this is a legacy image or modules image // modules image doesn't have "jre" subdirectory len = strlen(buf); + assert(len < buflen, "Ran out of buffer room"); jrelib_p = buf + len; snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch); if (0 != access(buf, F_OK)) { @@ -2419,7 +2417,7 @@ void os::jvm_path(char *buf, jint buflen) { } } - strcpy(saved_jvm_path, buf); + strncpy(saved_jvm_path, buf, MAXPATHLEN); } void os::print_jni_name_prefix_on(outputStream* st, int args_size) { diff --git a/src/os/solaris/vm/os_solaris.cpp b/src/os/solaris/vm/os_solaris.cpp index 8e5984ffa..deea14347 100644 --- a/src/os/solaris/vm/os_solaris.cpp +++ b/src/os/solaris/vm/os_solaris.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1788,9 +1788,6 @@ void os::die() { ::abort(); // dump core (for debugging) } -// unused -void os::set_error_file(const char *logfile) {} - // DLL functions const char* os::dll_file_extension() { return ".so"; } @@ -2474,6 +2471,7 @@ void os::jvm_path(char *buf, jint buflen) { // determine if this is a legacy image or modules image // modules image doesn't have "jre" subdirectory len = strlen(buf); + assert(len < buflen, "Ran out of buffer space"); jrelib_p = buf + len; snprintf(jrelib_p, buflen-len, "/jre/lib/%s", cpu_arch); if (0 != access(buf, F_OK)) { @@ -2492,7 +2490,7 @@ void os::jvm_path(char *buf, jint buflen) { } } - strcpy(saved_jvm_path, buf); + strncpy(saved_jvm_path, buf, MAXPATHLEN); } diff --git a/src/os/windows/vm/os_windows.cpp b/src/os/windows/vm/os_windows.cpp index 7daee3563..c52424ca4 100644 --- a/src/os/windows/vm/os_windows.cpp +++ b/src/os/windows/vm/os_windows.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1819,7 +1819,8 @@ void os::jvm_path(char *buf, jint buflen) { // libjvm.so is installed there (append a fake suffix // hotspot/libjvm.so). char* java_home_var = ::getenv("JAVA_HOME"); - if (java_home_var != NULL && java_home_var[0] != 0) { + if (java_home_var != NULL && java_home_var[0] != 0 && + strlen(java_home_var) < (size_t)buflen) { strncpy(buf, java_home_var, buflen); @@ -1837,9 +1838,9 @@ void os::jvm_path(char *buf, jint buflen) { } if(buf[0] == '\0') { - GetModuleFileName(vm_lib_handle, buf, buflen); + GetModuleFileName(vm_lib_handle, buf, buflen); } - strcpy(saved_jvm_path, buf); + strncpy(saved_jvm_path, buf, MAX_PATH); } @@ -2290,19 +2291,8 @@ LONG WINAPI Handle_FLT_Exception(struct _EXCEPTION_POINTERS* exceptionInfo) { } */ -#endif //_WIN64 - - -// Fatal error reporting is single threaded so we can make this a -// static and preallocated. If it's more than MAX_PATH silently ignore -// it. -static char saved_error_file[MAX_PATH] = {0}; +#endif // _WIN64 -void os::set_error_file(const char *logfile) { - if (strlen(logfile) <= MAX_PATH) { - strncpy(saved_error_file, logfile, MAX_PATH); - } -} static inline void report_error(Thread* t, DWORD exception_code, address addr, void* siginfo, void* context) { diff --git a/src/share/vm/compiler/compileBroker.cpp b/src/share/vm/compiler/compileBroker.cpp index f8fa26ff8..3a389e4cc 100644 --- a/src/share/vm/compiler/compileBroker.cpp +++ b/src/share/vm/compiler/compileBroker.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -2089,6 +2089,7 @@ void CompileBroker::set_last_compile(CompilerThread* thread, methodHandle method ResourceMark rm; char* method_name = method->name()->as_C_string(); strncpy(_last_method_compiled, method_name, CompileBroker::name_buffer_length); + _last_method_compiled[CompileBroker::name_buffer_length - 1] = '\0'; // ensure null terminated char current_method[CompilerCounters::cmname_buffer_length]; size_t maxLen = CompilerCounters::cmname_buffer_length; diff --git a/src/share/vm/runtime/os.hpp b/src/share/vm/runtime/os.hpp index 17fcd3bdd..879283b08 100644 --- a/src/share/vm/runtime/os.hpp +++ b/src/share/vm/runtime/os.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -470,9 +470,6 @@ class os: AllStatic { // run cmd in a separate process and return its exit code; or -1 on failures static int fork_and_exec(char *cmd); - // Set file to send error reports. - static void set_error_file(const char *logfile); - // os::exit() is merged with vm_exit() // static void exit(int num); diff --git a/src/share/vm/utilities/vmError.cpp b/src/share/vm/utilities/vmError.cpp index bbf983953..ca69bb98a 100644 --- a/src/share/vm/utilities/vmError.cpp +++ b/src/share/vm/utilities/vmError.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -975,7 +975,6 @@ void VMError::report_and_die() { if (fd != -1) { out.print_raw("# An error report file with more information is saved as:\n# "); out.print_raw_cr(buffer); - os::set_error_file(buffer); log.set_fd(fd); } else { -- GitLab