Bug ID: JDK-6944822 Fix for 6938627 exposes problem with hard-coded buffer sizes

Details
Type: Bug
Submit Date: 2010-04-18
Status: Closed
Updated Date: 2012-10-08
Project Name: JDK
Resolved Date: 2010-05-18
Component: hotspot
OS: generic
Sub-Component: runtime
CPU: generic
Priority: P3
Resolution: Fixed
Affected Versions: 7
Fixed Versions: hs19 (b01)


Description
Andreas Kohn reports:

While reading a bit of the hotspot sources I noticed a potential issue with
the fix for 6938627 (Make temporary directory use property
java.io.tmpdir when specified) in some places.

Before the fix the callers of get_temp_directory() could hardcode the
size of the filename buffer to a small number, but now that
get_temp_directory() returns a value settable by the user this looks a
bit dangerous.

In particular:
attachListener_linux.cpp:AttachListener::is_init_trigger()
attachListener_solaris.cpp:AttachListener::is_init_trigger()
  both use a 128 byte buffer

os_linux.cpp:linux_wrap_code()
  uses a 40 byte buffer.


Attached patch changes the buffers to PATH_MAX+1 bytes, the same value
used by other places that call get_temp_directory().
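
The failure mode in the report above, as an added example (not HotSpot code and not part of the report): a hypothetical helper `build_attach_path` composes the `.attach_pid<pid>` name under a caller-supplied temporary directory with a bounded write and rejects any name that does not fit, for a 128-byte and a `PATH_MAX+1` buffer. The helper names, the `<tmpdir>/.attach_pid<pid>` layout, the pid 1234 and the constructed directory strings are assumptions.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096            /* fallback when <limits.h> does not expose it */
#endif

/* Hypothetical helper, not HotSpot code. Composes "<tmpdir>/.attach_pid<pid>"
 * (layout assumed for illustration) into out[cap]. Returns the name length,
 * or -1 if the name does not fit, leaving out empty so that a truncated
 * name is never passed on to stat() or open(). */
static int build_attach_path(char *out, size_t cap, const char *tmpdir, int pid)
{
    if (out == NULL || cap == 0 || tmpdir == NULL)
        return -1;
    int n = snprintf(out, cap, "%s/.attach_pid%d", tmpdir, pid);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

/* Runs the helper with a constructed directory name of dir_len characters
 * ("/aaaa...") and a file-name buffer of cap bytes; pid 1234 is made up. */
static int try_lengths(size_t dir_len, size_t cap)
{
    char dir[PATH_MAX + 1];
    char fn[PATH_MAX + 1];
    if (dir_len < 1 || dir_len > (size_t)PATH_MAX || cap > sizeof(fn))
        return -2;               /* outside what this example models */
    memset(dir, 'a', dir_len);
    dir[0] = '/';
    dir[dir_len] = '\0';
    return build_attach_path(fn, cap, dir, 1234);
}

int main(void)
{
    printf("111-char dir, 128-byte buffer:      %d\n", try_lengths(111, 128));
    printf("112-char dir, 128-byte buffer:      %d\n", try_lengths(112, 128));
    printf("200-char dir, PATH_MAX+1 buffer:    %d\n", try_lengths(200, PATH_MAX + 1));
    printf("PATH_MAX dir, PATH_MAX+1 buffer:    %d\n", try_lengths(PATH_MAX, PATH_MAX + 1));
    return 0;
}
```

The last case shows that a `PATH_MAX+1` buffer still cannot hold the composed name when the directory itself is close to `PATH_MAX`, which is why the length check stays even with the larger buffer.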

                                    

Comments
SUGGESTED FIX

# HG changeset patch
# Parent ca2058c2816c4d22ea7a650df7383e342dfc7090
Use long enough buffer for file names in the temporary directory

diff --git a/src/os/linux/vm/attachListener_linux.cpp b/src/os/linux/vm/attachListener_linux.cpp
--- a/src/os/linux/vm/attachListener_linux.cpp
+++ b/src/os/linux/vm/attachListener_linux.cpp
@@ -461,7 +461,7 @@ bool AttachListener::is_init_trigger() {
   if (init_at_startup() || is_initialized()) {
     return false;               // initialized at startup or already initialized
   }
-  char fn[128];
+  char fn[PATH_MAX+1];
   sprintf(fn, ".attach_pid%d", os::current_process_id());
   int ret;
   struct stat64 st;
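Review bot: The context line `sprintf(fn, ".attach_pid%d", os::current_process_id());` stays unbounded, so the larger `fn` raises the limit without enforcing one. Suggest `snprintf(fn, sizeof(fn), ...)` here and on any later write into `fn` that prepends the temporary directory (that write is outside this hunk), with the return value checked so a name that does not fit is rejected instead of used. The hunk also does not show an include being added for `PATH_MAX`; please confirm the header is already pulled in by this file.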
diff --git a/src/os/linux/vm/os_linux.cpp b/src/os/linux/vm/os_linux.cpp
--- a/src/os/linux/vm/os_linux.cpp
+++ b/src/os/linux/vm/os_linux.cpp
@@ -2305,7 +2305,7 @@ void linux_wrap_code(char* base, size_t 
     return;
   }
 
-  char buf[40];
+  char buf[PATH_MAX+1];
   int num = Atomic::add(1, &cnt);
 
   snprintf(buf, sizeof(buf), "%s/hs-vm-%d-%d",
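Review bot: In `linux_wrap_code()` the write is already bounded by `snprintf(buf, sizeof(buf), ...)`, so the 40-byte buffer produced a truncated file name and not an overflow, and `PATH_MAX+1` still truncates silently when the directory plus the `/hs-vm-%d-%d` suffix is longer than that. Suggest comparing the `snprintf` return value against `sizeof(buf)` and returning early on truncation, so a clipped path is never used.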
diff --git a/src/os/solaris/vm/attachListener_solaris.cpp b/src/os/solaris/vm/attachListener_solaris.cpp
--- a/src/os/solaris/vm/attachListener_solaris.cpp
+++ b/src/os/solaris/vm/attachListener_solaris.cpp
@@ -592,7 +592,7 @@ bool AttachListener::is_init_trigger() {
   if (init_at_startup() || is_initialized()) {
     return false;               // initialized at startup or already initialized
   }
-  char fn[128];
+  char fn[PATH_MAX+1];
   sprintf(fn, ".attach_pid%d", os::current_process_id());
   int ret;
   struct stat64 st;
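Review bot: As in the identical Linux hunk, `sprintf(fn, ".attach_pid%d", ...)` on the context line has no length argument, so correctness still depends on every writer into `fn` staying under `PATH_MAX+1` bytes. Suggest `snprintf(fn, sizeof(fn), ...)` with a truncation check, and since the Linux and Solaris versions of `is_init_trigger()` change the same line, a shared constant or helper for this buffer would keep the two copies from drifting.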
                                     
2010-04-18
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/96d554193f72
                                     
2010-04-20
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/96d554193f72
                                     
2010-05-12


