JDK-8339134 : Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf
  • Type: Sub-task
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 24
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-08-28
  • Updated: 2024-11-28
  • Resolved: 2024-11-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 24
24 b26Fixed
Related Reports
Relates :  
JDK-8338888 - SystemDictionary::class_name_symbol has incorrect length check
Description
Just to clarify the issue. The size 1024 is an internal buffer limit that fthrow uses - it is an implementation detail and not something the caller should think about. It is also not relevant to the underlying problem, which is the size of the buffer needed for the fully expanded format string, which os::vsnprintf will try to calculate and report. The intent is to check callers can't hit that underlying vsnprintf INT_MAX limit. When your format string only deals with a few symbols and symbols are always < 64K then we know we are nowhere near that INT_MAX limit. If your format string can take a potentially arbitrary (usually from outside) string then it needs to put its own size guard in place using %*s.

For example, in SystemDictionary::class_name_symbol we already report abridged messages using a similar style to the print limit in java_lang_String::print and the MaxStringPrintSize flag. Sample output:

[2.352s][info][exceptions] Exception <a 'java/lang/NoClassDefFoundError'{0x0000000454d97408}: Class name exceeds maximum length of 65535: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz ... (65280 characters omitted) ... zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz> (0x0000000454d97408) 
thrown [/scratch/users/daholme/jdk-dev4.git/open/src/hotspot/share/classfile/systemDictionary.cpp, line 270]

Some code already imposes its own smaller limits that we extend to cover missing cases (e.g. DCmdArgument parsing).

For most code we simply add a comment reflecting that the call cannot be excessively large due to what is printed i.e. it only prints symbols which each must be < 64K.
Comments
Changeset: 8de158ae Branch: master Author: David Holmes <dholmes@openjdk.org> Date: 2024-11-25 19:55:26 +0000 URL: https://git.openjdk.org/jdk/commit/8de158aefe64d493e107ef310f510bab57beb251
25-11-2024
Call sites audited and no size problems found: - CodeHeapAnalyticsDCmd::execute (no string involved) Call sites with changes already made to limit the size: - SystemDictionary::class_name_symbol - DCmdArgument<jlong>::parse_value Call sites changed to add limit: - DCmdArgument<bool>::parse_value Call-sites annotated in this issue as they only involve Symbols ./share/classfile/classFileError.cpp ./share/classfile/classFileParser.cpp ./share/interpreter/linkResolver.cpp ./share/oops/instanceKlass.cpp ./share/oops/constantPool.cpp ./share/runtime/reflection.cpp
19-11-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/21867 Date: 2024-11-04 07:00:38 +0000
04-11-2024