JDK-8244225 : stringop-overflow warning on strncpy call from compile_the_world_in
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 8,11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-05-01
  • Updated: 2020-10-12
  • Resolved: 2020-05-05
  • JDK 11: 11.0.9-oracle b01, Fixed
  • JDK 8: 8u271, Fixed
  • Other: openjdk8u282, Fixed
Description
fastdebug builds of 8u and 11u result in the following warning when compiling with gcc 8.3:

/home/dbuck/backports/sanity/jdk11u-cpu/open/src/hotspot/share/classfile/classLoader.cpp: In static member function 'static void ClassLoader::compile_the_world_in(char*, Handle, Thread*)':
/home/dbuck/backports/sanity/jdk11u-cpu/open/src/hotspot/share/classfile/classLoader.cpp:2039:12: warning: 'char* strncpy(char*, const char*, size_t)' specified bound depends on the length of the source argument [-Wstringop-overflow=]
     strncpy(buffer, name, len - 6);
     ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
/home/dbuck/backports/sanity/jdk11u-cpu/open/src/hotspot/share/classfile/classLoader.cpp:173:26: note: length computed here
   size_t str_len = strlen(str);
                    ~~~~~~^~~~~

This warning will cause builds to fail when warnings-as-errors is enabled (the default).

This code was removed in JDK 12 (see JDK-8213812), so JDK 11 and JDK 8 are the only LTS versions that need to be fixed. There are a number of similar issues elsewhere in 11u, but they can hopefully be addressed by backporting preexisting fixes from later releases.
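
An added illustration of why gcc flags this call (not the OpenJDK patch and not code from this report): the bound `len - 6` is computed from the source string, so it never limits the write to the destination. The function name `strip_suffix`, the `buffer_size` parameter and the sample inputs are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SUFFIX_LEN 6  /* the "len - 6" in the flagged call; assumed fixed-length suffix */

/*
 * Flagged shape, as quoted in the warning:
 *     size_t len = strlen(name);
 *     strncpy(buffer, name, len - 6);
 * The bound is derived from the source, so it cannot stop a write past
 * the end of buffer, and a name shorter than 6 wraps the size_t bound.
 *
 * Bounded form: the copy length is validated against the destination.
 * Returns 0 on success, -1 if name is too short or the result will not fit.
 * strip_suffix() and buffer_size are hypothetical names for this example.
 */
int strip_suffix(char *buffer, size_t buffer_size, const char *name) {
    size_t len = strlen(name);
    if (buffer_size == 0) return -1;
    buffer[0] = '\0';                      /* defined result on every path */
    if (len <= SUFFIX_LEN) return -1;      /* prevents size_t underflow */
    size_t stem = len - SUFFIX_LEN;
    if (stem >= buffer_size) return -1;    /* need room for stem plus NUL */
    memcpy(buffer, name, stem);            /* length checked above */
    buffer[stem] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    char big[32], small[8];
    int rc = strip_suffix(big, sizeof big, "java/lang/X.class");
    printf("fits:      rc=%d \"%s\"\n", rc, big);
    rc = strip_suffix(small, sizeof small, "java/lang/X.class");
    printf("too long:  rc=%d \"%s\"\n", rc, small);
    rc = strip_suffix(big, sizeof big, "a.cls");
    printf("too short: rc=%d \"%s\"\n", rc, big);
    return 0;
}
```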

Comments
FWIW, the reviewer was taken from the original JDK 11 patch. I'll add shade and yourself when pushing the JDK 8 patch. Thanks!
09-10-2020

I think it's worth fixing what looks like a potential buffer overflow, even if it is only in debug code. Incidentally, your webrev has the wrong reviewer (aph instead of shade). You can also add myself now as well.
08-10-2020

Fix Request (OpenJDK 8u): Please approve this for 8u. The patch didn't apply cleanly. The posted patch got reviewed by Aleksey Shipilev. The change affects only NOT_PRODUCT code paths (i.e. debug builds). Risk should be minimal. It's a parity patch for Oracle JDK 8.
webrev: https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8244225/01/webrev/
RFR: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-September/012606.html
01-09-2020

Fix request (11u) -- will label after testing completed. I would like to implement this for parity with 11.0.9-oracle, and to enable warning-free gcc 8. http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-June/003255.html
08-06-2020