Bug ID: JDK-8160987 JDWP ClassType.InvokeMethod doesn't validate class

Type: Bug
Component: core-svc
Sub-Component: debugger
Affected Version: 9

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2016-07-07
Updated: 2016-10-13
Resolved: 2016-09-21

JDK 9
9 b140Fixed

Specification of ClassType.InvokeMethod says:
"The method must be member of the class type or one of its superclasses".

However, the command allows to invoke method passing an arbitrary class.

Example (pseudocode):
============================
Debuggee classes:

public class A { }
public class B {
    public static void testedMethod() { }
}
============================
Debugger pseudocode:

threadId = suspendThread()
classIdA = getClassId("A")
classIdB = getClassId("B")
methodId = getMethodId(classIdB, "testedMethod")
ClassType.InvokeMethod(classIdA, threadId, methodId)
============================
Such debugger code invokes the method with error code NONE, but INVALID_METHODID is expected.

URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/793b76d431f1 User: lana Date: 2016-10-12 19:59:33 +0000
12-10-2016
URL: http://hg.openjdk.java.net/jdk9/hs/jdk/rev/793b76d431f1 User: hseigel Date: 2016-09-21 14:58:53 +0000
21-09-2016
Issue submitter Stanislav is the JCK owner and should be able to help. Also added JCK area lead Leonid Kuskov to watch list of issue.
16-09-2016
As noted above, JDI's ClassType.InvokeMethod rejects such an invocation with IllegalArgumentException. The JDWP layer is built on top of JNI's CallStatic<Type>Method family of functions and assumes that the JNI layer has the same set of restrictions that the JDWP layer has. However, we see from JDK-8160984 "JNI CallStatic<Type>Method don't validate class" that JDWP's assumptions about the JNI layer are wrong. Here's an example of the JNI CallStaticVoidMethodA() usage by the JDWP_ClassType_InvokeMethod command: jdk/src/jdk.jdwp.agent/share/native/libjdwp/invoker.c: static void invokeStatic(JNIEnv env, InvokeRequest request) { switch(returnTypeTag(request->methodSignature)) { case JDWP_TAG(OBJECT): case JDWP_TAG(ARRAY): { <snip> case JDWP_TAG(VOID): JNI_FUNC_PTR(env,CallStaticVoidMethodA)(env, request->clazz, request->method, request->arguments); break; default: EXIT_ERROR(AGENT_ERROR_NULL_POINTER,"Invalid method signature"); break; } } It might be possible to add logic in invokeStatic() that checks the validity of the 'clazz' and 'method' parameters and returns an illegal argument via the JDWP outstream. A call kind of like this: outStream_setError(out, JDWP_ERROR(ILLEGAL_ARGUMENT)); Note that invokeStatic() is a void method so you don't return errors in the traditional way. You set the error state on the JDWP output stream and return to the caller who (correctly) assumes that you did your work. You did the requested "invoke" operation so the caller of invokeStatic() will return "true" and that error state should propogate all the way back across the "wire" to the JDWP client. Of course, invokeStatic() doesn't have direct access to 'out' so some state might have to set/changed via the InvokeRequest *request parameter. And some JNI code will have to written to check 'clazz' and 'method' parameters to determine if we're in an error state.
02-09-2016
JCK tests that fail due to this issue: vm/jdwp/ClassType/InvokeMethod/invokemeth003/invokemeth003.html vm/jdwp/ClassType/InvokeMethod/invokemeth004/invokemeth004.html Just FYI: tests are integrated in JCK 9 b41, promotion date - July 20.
13-07-2016
Same issue as JDK-8160984
11-07-2016
JDI's ClassType.InvokeMethod rejects such invocation with IllegalArgumentException.
07-07-2016
I believe that this bug is caused by JDK-8160984, but that needs to be double-checked and confirmed by JDK team.
07-07-2016

Relates :	JDK-8040167 - JDWP spec for ClassType#InvokeMethod contradicts JLS
Relates :	JDK-8160984 - JNI CallStaticMethod don't validate class