JDK-8211826 : StringIndexOutOfBoundsException happens via GetStringUTFRegion()
  • Type: Bug
  • Component: client-libs
  • Sub-Component: java.awt
  • Affected Version: 11,12
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: generic
  • Submitted: 2018-10-07
  • Updated: 2019-10-20
  • Resolved: 2019-05-09
Fixed versions:
  • JDK 11: 11.0.4 (Fixed)
  • JDK 13: 13 b21 (Fixed)
Description
In the following JNI code, the 4th parameter should be the String length.
(*env)->GetStringUTFRegion(env, filename, 0, len, filename_str);

In src/java.desktop/unix/native/libawt_xawt/awt/awt_UNIXToolkit.c, the UTF-8 length is specified as the 4th parameter.

If the String contains non-ASCII characters, a StringIndexOutOfBoundsException occurs.

The test result is as follows:
$ java GTKIconTestA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKIconTestA
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
abc=false
Exception in thread "main" java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at GTKIconTestA.main(GTKIconTestA.java:15)
Caused by: java.lang.StringIndexOutOfBoundsException
        at java.desktop/sun.awt.UNIXToolkit.load_gtk_icon(Native Method)
        ... 5 more

If the String length is specified:
$ java GTKIconTestA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKIconTestA
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
abc=false
\u3042=false

The same kind of code is in src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c

For src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c:
When I applied the following debug code, I could see a buffer overflow.
==============================
diff -r a43d6467317d src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c
--- a/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c    Wed May 01 14:35:28 2019 -0700
+++ b/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c    Tue May 07 13:01:03 2019 +0900
@@ -26,6 +26,8 @@
 #include <stdlib.h>
 #include "gtk_interface.h"
 #include "com_sun_java_swing_plaf_gtk_GTKEngine.h"
+#include <unistd.h>
+#include <string.h>

 /* Static buffer for conversion from java.lang.String to UTF-8 */
 static char conversionBuffer[CONV_BUFFER_SIZE];
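Review bot: The two added includes do not match what the patch uses. Nothing added in this patch calls anything from <unistd.h>, while the fprintf/fflush calls added in the next hunk need <stdio.h>, which is not among the includes visible here. Drop <unistd.h> and include <stdio.h> explicitly rather than relying on a transitive include.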
@@ -39,6 +41,8 @@
     }

     (*env)->GetStringUTFRegion(env, val, 0, length, conversionBuffer);
+    fprintf(stderr, "sizeof=%d, strlen=%d\n", sizeof(conversionBuffer), strlen(conversionBuffer));
+    fflush(stderr);
     return conversionBuffer;
 }
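Review bot: The added fprintf passes sizeof(conversionBuffer) and strlen(conversionBuffer), both size_t, to %d; use %zu so the values print correctly on 64-bit builds. The strlen also runs after GetStringUTFRegion has already written into the buffer, so when the encoded data exceeds the buffer it reads past the end of conversionBuffer. Comparing the encoded length against sizeof(conversionBuffer) before the call would report the same condition without depending on the overrun.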

==============================

$ java GTKEngineTest
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKEngineTest (file:/home/isel/sandbox/jdk/) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKEngineTest
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
sizeof=128, strlen=381
obj=null
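
An added illustration of the length mismatch described above (not code from the JDK or from this report): it models the String length in UTF-16 units that the 4th parameter of GetStringUTFRegion expects, and the modified UTF-8 byte count the destination buffer must hold. The helper names are hypothetical, the 128-byte size comes from the sizeof output above, the sample strings are constructed, and the extra byte for a terminating NUL is an assumption based on the buffer being read with strlen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: modified UTF-8 byte count for n UTF-16 code units
   (the quantity GetStringUTFLength reports). */
static size_t mutf8_len(const uint16_t *s, size_t n) {
    size_t bytes = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] >= 0x0001 && s[i] <= 0x007F) bytes += 1; /* ASCII except NUL */
        else if (s[i] <= 0x07FF)              bytes += 2; /* U+0000, U+0080..U+07FF */
        else                                  bytes += 3; /* rest, incl. each surrogate */
    }
    return bytes;
}

/* Range rule for GetStringUTFRegion(env, str, start, len, buf): start and len
   count UTF-16 units; a range outside the string raises
   StringIndexOutOfBoundsException. Returns 1 when the range is valid. */
static int region_in_bounds(size_t str_units, size_t start, size_t len) {
    return start <= str_units && len <= str_units - start;
}

/* Returns 1 when the encoded region plus a terminating NUL fits in bufsize
   bytes (NUL is an assumption: the buffer is later used as a C string). */
static int buffer_fits(const uint16_t *s, size_t n, size_t bufsize) {
    return mutf8_len(s, n) < bufsize;
}

/* Constructed sample input: n copies of U+3042. */
static void fill_a(uint16_t *dst, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = 0x3042;
}

int main(void) {
    uint16_t one[1], many[127];
    fill_a(one, 1);
    fill_a(many, 127);
    size_t utf8 = mutf8_len(one, 1);
    /* Passing the UTF-8 length as len overshoots a 1-unit string. */
    printf("1 unit -> %zu bytes; len=%zu valid: %d; len=1 valid: %d\n",
           utf8, utf8, region_in_bounds(1, 0, utf8), region_in_bounds(1, 0, 1));
    /* A unit count below 128 does not imply the bytes fit in 128. */
    printf("127 units -> %zu bytes; fits 128-byte buffer: %d\n",
           mutf8_len(many, 127), buffer_fits(many, 127, 128));
    return 0;
}
```

With the constructed 127-unit input the encoded size is 381 bytes, the same figure as the strlen value in the output above.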
Comments
Fix Request: It's a buffer overflow issue, and we'd like to request the fix in 11u. The patch applies cleanly. The jtreg test case also worked as expected.
19-05-2019