JDK-6704896

FD_SET usage can cause stack corruption (sol)

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 7
    • Component/s: client-libs
    • Resolved In Build: b36
    • CPU: generic
    • OS: solaris

      Description

      This problem is present in all JDK versions containing the code described below, so backporting is needed.

      This applies to 32-bit Solaris: both sparc and x86. There is no problem with 64-bit Solaris.

      Function SplashEventLoop in ./solaris/native/sun/awt/splashscreen/splashscreen_sys.c uses FD_SET in two places on local array var fds, which only contains 2048 bits. If this code is executed with a descriptor-intensive application on a Solaris system configured to support greater than 2048 descriptors, the FD_SET usage will cause corruption of a caller's stack frame. Either poll must be used instead of select, or else FD_SETSIZE must be made 65536 when this module is compiled.

      See the select(3c) Solaris manpage and case PSARC/1997/110 for more details.

      The code in question is listed below:

      void
      SplashEventLoop(Splash * splash) {

          /* Different from win32 implementation - this loop
             uses select timeouts instead of a timer */
          /* we should have splash _locked_ on entry!!! */

          int xconn = XConnectionNumber(splash->display);

          while (1) {
              int ctl = splash->controlpipe[0];
              fd_set fds[2];
              int n = 0;
              struct timeval tv, *ptv;
              int rc;
              int time;
              int pipes_empty;

              FD_ZERO(fds);
              FD_SET(xconn, fds);
              ^^^^^^^^^^^^^^^^^^^ not sure if xconn
              if (xconn+1 > n)
                  n = xconn+1;
              FD_SET(ctl, fds);
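
      The description offers poll as one of the two remedies. The following is an added example, not JDK source and not the fix that was committed: it waits on two descriptors with poll(), which takes descriptor numbers in an array rather than a fixed-size bitmap, and includes a bounds check for code that has to keep select(). The names wait_two_fds, fd_fits_fd_set, READY_A and READY_B are hypothetical, and the pipes in main are constructed input.

```c
/* Added example (not JDK source): wait on two descriptors with poll(),
   which takes descriptor numbers in an array and has no FD_SETSIZE bound. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

#define READY_A 0x1   /* hypothetical flag names for this example */
#define READY_B 0x2

/* Guard for code that must keep select(): FD_SET(fd, set) writes bit number
   fd, so fd must be below the FD_SETSIZE this file was compiled with. */
int fd_fits_fd_set(int fd) {
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Returns a READY_* bitmask, 0 on timeout, -1 on error or invalid descriptor.
   timeout_ms < 0 waits indefinitely; an EINTR retry restarts the timeout. */
int wait_two_fds(int fd_a, int fd_b, int timeout_ms) {
    struct pollfd pfd[2] = {
        { .fd = fd_a, .events = POLLIN },
        { .fd = fd_b, .events = POLLIN },
    };
    int rc, ready = 0;

    do {
        rc = poll(pfd, 2, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0 || ((pfd[0].revents | pfd[1].revents) & POLLNVAL))
        return -1;
    if (pfd[0].revents & (POLLIN | POLLHUP | POLLERR)) ready |= READY_A;
    if (pfd[1].revents & (POLLIN | POLLHUP | POLLERR)) ready |= READY_B;
    return ready;
}

int main(void) {
    int a[2], b[2];   /* constructed input: two local pipes */
    if (pipe(a) != 0 || pipe(b) != 0) return 1;
    if (write(b[1], "x", 1) != 1) return 1;
    printf("ready mask: %d\n", wait_two_fds(a[0], b[0], 100));
    printf("fd %d usable with FD_SET: %d\n", FD_SETSIZE, fd_fits_fd_set(FD_SETSIZE));
    return 0;
}
```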

              People

              • Assignee:
                anthony Anthony Petrov (Inactive)
                Reporter:
                psoper Pete Soper (Inactive)