JDK / JDK-8211826

StringIndexOutOfBoundsException happens via GetStringUTFRegion()

    Details

    • Subcomponent:
    • Resolved In Build:
      b21
    • CPU:
      generic
    • OS:
      linux

        Description

        In the following JNI code, the 4th parameter should be the String length.
        (*env)->GetStringUTFRegion(env, filename, 0, len, filename_str);

        In src/java.desktop/unix/native/libawt_xawt/awt/awt_UNIXToolkit.c, the UTF-8 length is specified as the 4th parameter.

        If the String contains non-ASCII characters, a StringIndexOutOfBoundsException occurs.

        Test result is as follows:
        $ java GTKIconTestA
        WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
        WARNING: Please consider reporting this to the maintainers of GTKIconTestA
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        abc=false
        Exception in thread "main" java.lang.reflect.InvocationTargetException
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                at GTKIconTestA.main(GTKIconTestA.java:15)
        Caused by: java.lang.StringIndexOutOfBoundsException
                at java.desktop/sun.awt.UNIXToolkit.load_gtk_icon(Native Method)
                ... 5 more

        If the String length is specified:
        $ java GTKIconTestA
        WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
        WARNING: Please consider reporting this to the maintainers of GTKIconTestA
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        abc=false
        \u3042=false

        The same kind of code is in src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c

        For src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c,
        when I applied the following debug code, I could see a buffer overflow.
        ==============================
        diff -r a43d6467317d src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c
        --- a/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c Wed May 01 14:35:28 2019 -0700
        +++ b/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c Tue May 07 13:01:03 2019 +0900
        @@ -26,6 +26,8 @@
         #include <stdlib.h>
         #include "gtk_interface.h"
         #include "com_sun_java_swing_plaf_gtk_GTKEngine.h"
        +#include <unistd.h>
        +#include <string.h>

         /* Static buffer for conversion from java.lang.String to UTF-8 */
         static char conversionBuffer[CONV_BUFFER_SIZE];
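        Review bot: the two added includes do not match what the debug lines use. The `fprintf` and `fflush` calls added in the next hunk need `<stdio.h>`, which is not among the includes visible here, and nothing added by this patch uses `<unistd.h>`. Add `#include <stdio.h>` unless another header already provides it, and drop `<unistd.h>`.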
        @@ -39,6 +41,8 @@
             }

             (*env)->GetStringUTFRegion(env, val, 0, length, conversionBuffer);
        + fprintf(stderr, "sizeof=%d, strlen=%d\n", sizeof(conversionBuffer), strlen(conversionBuffer));
        + fflush(stderr);
             return conversionBuffer;
         }

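        Review bot: the added `fprintf` passes `sizeof(conversionBuffer)` and `strlen(conversionBuffer)`, both `size_t`, to `%d`; use `%zu`. The print also runs only after `GetStringUTFRegion` has written into the static buffer, and `strlen` then reads past the end of `conversionBuffer` whenever the converted text is longer than the buffer, so the diagnostic itself depends on the overflow it reports. Print the required byte count and `sizeof(conversionBuffer)` before the call, and have the real fix compare the two before writing.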
        ==============================

        $ java GTKEngineTest
        WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by GTKEngineTest (file:/home/isel/sandbox/jdk/) to method sun.awt.UNIXToolkit.loadGTK()
        WARNING: Please consider reporting this to the maintainers of GTKEngineTest
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        sizeof=128, strlen=381
        obj=null
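
        The two lengths involved in this report, as an added example (not code from the JDK or from the reporter): a JVM-free C model in which the hypothetical helpers `mutf8_len` and `utf_region` stand in for `GetStringUTFLength` and a bounds-checked `GetStringUTFRegion`. It shows that the region length counts UTF-16 code units while the destination buffer must be sized by the UTF-8 byte count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added model, not JDK code: bytes JNI "modified UTF-8" needs for n UTF-16
 * code units (the GetStringUTFLength figure). U+0000 takes 2 bytes. */
static size_t mutf8_len(const uint16_t *s, size_t n) {
    size_t bytes = 0;
    for (size_t i = 0; i < n; i++)
        bytes += (s[i] >= 1 && s[i] <= 0x7F) ? 1 : (s[i] <= 0x7FF) ? 2 : 3;
    return bytes;
}

/* Checked stand-in for GetStringUTFRegion: len counts UTF-16 code units.
 * Returns bytes written; -1 if start/len run past the string (where the JVM
 * throws StringIndexOutOfBoundsException); -2 if buf cannot hold the result. */
static long utf_region(const uint16_t *str, size_t str_len, size_t start,
                       size_t len, char *buf, size_t cap) {
    if (start > str_len || len > str_len - start) return -1;
    if (mutf8_len(str + start, len) + 1 > cap) return -2;
    size_t o = 0;
    for (size_t i = start; i < start + len; i++) {
        uint16_t c = str[i];
        if (c >= 1 && c <= 0x7F) {
            buf[o++] = (char)c;
        } else if (c <= 0x7FF) {
            buf[o++] = (char)(0xC0 | (c >> 6));
            buf[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            buf[o++] = (char)(0xE0 | (c >> 12));
            buf[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            buf[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    buf[o] = '\0'; /* the model always NUL-terminates */
    return (long)o;
}

int main(void) {
    const uint16_t s[] = { 0x3042 }; /* constructed input: "\u3042" */
    char buf[128];
    size_t utf_len = mutf8_len(s, 1);
    printf("string length=1, UTF-8 length=%zu\n", utf_len);
    printf("len=UTF-8 length:  %ld\n", utf_region(s, 1, 0, utf_len, buf, sizeof buf));
    printf("len=string length: %ld\n", utf_region(s, 1, 0, 1, buf, sizeof buf));
    return 0;
}
```

        A constructed string of 127 copies of U+3042 needs 381 bytes, so the same check returns -2 for a 128-byte buffer instead of writing past it.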

          Attachments

          1. GTKEngineTest.java
            1 kB
          2. GTKIconTest.java
            0.5 kB
          3. GTKIconTestA.java
            1 kB

                People

                • Assignee:
                  itakiguchi Ichiroh Takiguchi
                  Reporter:
                  itakiguchi Ichiroh Takiguchi