JDK-6944822 : Fix for 6938627 exposes problem with hard-coded buffer sizes
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-04-18
  • Updated: 2012-10-08
  • Resolved: 2010-05-18
Fixed versions:
  • JDK 6: 6u21p (Fixed)
  • JDK 7: 7 (Fixed)
  • Other: hs19 (Fixed)
Description
Andreas Kohn reports:

While reading the hotspot sources a bit, I noticed a potential issue with
the fix for 6938627 (Make temporary directory use property
java.io.tmpdir when specified) in some places.

Before the fix the callers of get_temp_directory() could hardcode the
size of the filename buffer to a small number, but now that
get_temp_directory() returns a value settable by the user this looks a
bit dangerous.

In particular:
attachListener_linux.cpp:AttachListener::is_init_trigger()
attachListener_solaris.cpp:AttachListener::is_init_trigger()
  both use a 128 byte buffer

os_linux.cpp:linux_wrap_code()
  uses a 40 byte buffer.


Attached patch changes the buffers to PATH_MAX+1 bytes, the same value
used by other places that call get_temp_directory().

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/96d554193f72
12-05-2010

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/96d554193f72
20-04-2010

SUGGESTED FIX # HG changeset patch # Parent ca2058c2816c4d22ea7a650df7383e342dfc7090 Use long enough buffer for file names in the temporary directory diff --git a/src/os/linux/vm/attachListener_linux.cpp b/src/os/linux/vm/attachListener_linux.cpp --- a/src/os/linux/vm/attachListener_linux.cpp +++ b/src/os/linux/vm/attachListener_linux.cpp @@ -461,7 +461,7 @@ bool AttachListener::is_init_trigger() { if (init_at_startup() || is_initialized()) { return false; // initialized at startup or already initialized } - char fn[128]; + char fn[PATH_MAX+1]; sprintf(fn, ".attach_pid%d", os::current_process_id()); int ret; struct stat64 st; diff --git a/src/os/linux/vm/os_linux.cpp b/src/os/linux/vm/os_linux.cpp --- a/src/os/linux/vm/os_linux.cpp +++ b/src/os/linux/vm/os_linux.cpp @@ -2305,7 +2305,7 @@ void linux_wrap_code(char* base, size_t return; } - char buf[40]; + char buf[PATH_MAX+1]; int num = Atomic::add(1, &cnt); snprintf(buf, sizeof(buf), "%s/hs-vm-%d-%d", diff --git a/src/os/solaris/vm/attachListener_solaris.cpp b/src/os/solaris/vm/attachListener_solaris.cpp --- a/src/os/solaris/vm/attachListener_solaris.cpp +++ b/src/os/solaris/vm/attachListener_solaris.cpp @@ -592,7 +592,7 @@ bool AttachListener::is_init_trigger() { if (init_at_startup() || is_initialized()) { return false; // initialized at startup or already initialized } - char fn[128]; + char fn[PATH_MAX+1]; sprintf(fn, ".attach_pid%d", os::current_process_id()); int ret; struct stat64 st;
18-04-2010
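
Review bot: in attachListener_linux.cpp, the context line `sprintf(fn, ".attach_pid%d", os::current_process_id());` directly under the resized `fn` is still an unbounded sprintf, so the safety of this function keeps depending on the buffer happening to be large enough. Suggest `snprintf(fn, sizeof(fn), ...)` here, and the same for any later write into `fn` that includes the temp directory (that write is outside the visible context of this hunk).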
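
Review bot: in os_linux.cpp linux_wrap_code(), the result of `snprintf(buf, sizeof(buf), "%s/hs-vm-%d-%d", ...)` is not visibly checked, so a temp directory longer than the buffer would still produce a silently truncated file name, just at a higher threshold than 40 bytes. Suggest comparing the return value against `sizeof(buf)` and returning early on truncation; the hunk ends at the snprintf call, so disregard this if the check already exists further down.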
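
Review bot: in attachListener_solaris.cpp, `char fn[PATH_MAX+1];` is the third copy of the same literal size in this patch and carries no comment tying it to get_temp_directory(). Suggest a shared named constant, or at least a one-line comment on the declaration, so a future caller does not reintroduce a small fixed size. The unbounded `sprintf(fn, ".attach_pid%d", ...)` context line here deserves the same snprintf change as in the Linux file.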