OpenJDK / jdk / jdk
changeset 35868:bf29f15cdf30
8147500: The HashtableTextDump::get_num() should check for integer overflow
Summary: Add check for integer overflow in HashtableTextDump::get_num()
Reviewed-by: dholmes, iklam
| author | jiangli |
|---|---|
| date | Wed, 27 Jan 2016 22:39:03 -0500 |
| parents | e20281e87b93 |
| children | 3a406827dde4 |
| files | hotspot/src/share/vm/classfile/compactHashtable.cpp hotspot/src/share/vm/classfile/compactHashtable.hpp |
| diffstat | 2 files changed, 19 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/hotspot/src/share/vm/classfile/compactHashtable.cpp Thu Jan 28 02:30:57 2016 +0100 +++ b/hotspot/src/share/vm/classfile/compactHashtable.cpp Wed Jan 27 22:39:03 2016 -0500 @@ -365,14 +365,14 @@ } int HashtableTextDump::skip(char must_be_char) { - corrupted_if(remain() < 1); - corrupted_if(*_p++ != must_be_char); + corrupted_if(remain() < 1, "Truncated"); + corrupted_if(*_p++ != must_be_char, "Unexpected character"); return 0; } void HashtableTextDump::skip_past(char c) { for (;;) { - corrupted_if(remain() < 1); + corrupted_if(remain() < 1, "Truncated"); if (*_p++ == c) { return; } @@ -381,7 +381,7 @@ void HashtableTextDump::check_version(const char* ver) { int len = (int)strlen(ver); - corrupted_if(remain() < len); + corrupted_if(remain() < len, "Truncated"); if (strncmp(_p, ver, len) != 0) { quit("wrong version of hashtable dump file", _filename); } @@ -451,7 +451,7 @@ jchar HashtableTextDump::unescape(const char* from, const char* end, int count) { jchar value = 0; - corrupted_if(from + count > end); + corrupted_if(from + count > end, "Truncated"); for (int i=0; i<count; i++) { char c = *from++; @@ -486,7 +486,7 @@ if (*from != '\\') { *to++ = *from++; } else { - corrupted_if(from + 2 > end); + corrupted_if(from + 2 > end, "Truncated"); char c = from[1]; from += 2; switch (c) { @@ -507,7 +507,7 @@ } } } - corrupted_if(n > 0); // expected more chars but file has ended + corrupted_if(n > 0, "Truncated"); // expected more chars but file has ended _p = from; skip_newline(); }
--- a/hotspot/src/share/vm/classfile/compactHashtable.hpp Thu Jan 28 02:30:57 2016 +0100 +++ b/hotspot/src/share/vm/classfile/compactHashtable.hpp Wed Jan 27 22:39:03 2016 -0500 @@ -276,9 +276,9 @@ void corrupted(const char *p, const char *msg); - inline void corrupted_if(bool cond) { + inline void corrupted_if(bool cond, const char *msg) { if (cond) { - corrupted(_p, NULL); + corrupted(_p, msg); } } @@ -287,27 +287,30 @@ void skip_past(char c); void check_version(const char* ver); - inline bool get_num(char delim, int *utf8_length) { + inline void get_num(char delim, int *num) { const char* p = _p; const char* end = _end; - int num = 0; + u8 n = 0; while (p < end) { char c = *p ++; if ('0' <= c && c <= '9') { - num = num * 10 + (c - '0'); + n = n * 10 + (c - '0'); + if (n > (u8)INT_MAX) { + corrupted(_p, "Num overflow"); + } } else if (c == delim) { _p = p; - *utf8_length = num; - return true; + *num = (int)n; + return; } else { // Not [0-9], not 'delim' - return false; + corrupted(_p, "Unrecognized format");; } } + corrupted(_end, "Incorrect format"); ShouldNotReachHere(); - return false; } void scan_prefix_type();