JDK-8277029

JMM GetDiagnosticXXXInfo APIs should verify output array sizes


    Details

    • Subcomponent:
      svc
    • Resolved In Build:
      b24


        Description

        jmm_GetDiagnosticCommandArgumentsInfo and jmm_GetDiagnosticCommandInfo are used to query the hotspot about diagnostic commands. They provide output arrays for the information:

        ```
        void jmm_GetDiagnosticCommandArgumentsInfo(JNIEnv *env,
                  jstring command, dcmdArgInfo* infoArray)
        ```

        but array size is implicitly assumed to be known to both caller and callee. Caller and callee negotiate those sizes in prior steps, but things can go wrong. E.g. I recently hunted a bug where `DCmd::number_arguments()` was off - did not reflect the real number of its jcmd parameters - which led to a hidden memory overwriter.

        Thankfully, JDK-8264565 rewrote the dcmd framework to deal with this particular issue (The VM I analyzed was older). Still, it would be good if we had additional safety measures here.
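The kind of check this issue asks for, as an added sketch that is not HotSpot's code and not the fix for this issue: the callee is told the capacity of the output array and refuses to write when the command's real argument count exceeds it. The `command` and `arg_info` types, the function names and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; not HotSpot's types. */
typedef struct { const char *name; const char *type; } arg_info;

typedef struct {
    const char *name;
    int declared_args;        /* what the size query reports */
    const arg_info *args;     /* what the command really has */
    int real_args;
} command;

/* Step 1 of the negotiation: caller asks how many slots to allocate. */
int query_num_args(const command *c) { return c->declared_args; }

/* Step 2, hardened: the callee receives the capacity and verifies it
 * before writing. Returns entries written, or -1 if the array is too
 * small (nothing is written in that case). */
int fill_arg_info(const command *c, arg_info *out, int capacity) {
    if (out == NULL || capacity < 0 || c->real_args > capacity)
        return -1;
    for (int i = 0; i < c->real_args; i++)
        out[i] = c->args[i];
    return c->real_args;
}

/* Constructed sample data: one consistent command, and one whose
 * declared count is stale (3 real arguments, 2 declared). */
static const arg_info ARGS[] = {
    {"filename", "STRING"}, {"all", "BOOLEAN"}, {"depth", "INT"}
};
static const command GOOD  = {"sample.good",  3, ARGS, 3};
static const command STALE = {"sample.stale", 2, ARGS, 3};

/* Caller side: size the request from step 1 and pass that size along. */
int describe(const command *c) {
    arg_info buf[8];
    int n = query_num_args(c);
    if (n < 0 || n > 8) return -1;
    return fill_arg_info(c, buf, n);
}

int main(void) {
    printf("%s -> %d\n", GOOD.name, describe(&GOOD));
    printf("%s -> %d\n", STALE.name, describe(&STALE));
    return 0;
}
```

With the stale count, the call fails with -1 instead of writing a third entry past the two slots the caller negotiated.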

                People

                Assignee:
                stuefe Thomas Stuefe
                Reporter:
                stuefe Thomas Stuefe