OpenJDK / portola / portola
changeset 42098:546406cc9afc
8164501: Uninitialised memory in byteArrayToPacket of SharedMemoryConnection.c
Reviewed-by: sla, dsamersoff
author | rehn |
---|---|
date | Mon, 24 Oct 2016 09:07:26 +0200 |
parents | 06daeaae3631 |
children | 1bf9a1b975fb |
files | jdk/src/jdk.jdi/share/native/libdt_shmem/SharedMemoryConnection.c |
diffstat | 1 files changed, 14 insertions(+), 3 deletions(-) [+] |
--- a/jdk/src/jdk.jdi/share/native/libdt_shmem/SharedMemoryConnection.c Thu Oct 20 17:05:27 2016 -0700 +++ b/jdk/src/jdk.jdi/share/native/libdt_shmem/SharedMemoryConnection.c Mon Oct 24 09:07:26 2016 +0200 @@ -174,9 +174,20 @@ * Get the packet header */ (*env)->GetByteArrayRegion(env, b, 0, sizeof(pktHeader), pktHeader); + if ((*env)->ExceptionOccurred(env)) { + /* b shorter than sizeof(pktHeader) */ + return; + } total_length = (int)pktHeader[3] | ((int)pktHeader[2] << 8) | ((int)pktHeader[1] << 16) | ((int)pktHeader[0] << 24); + + if (total_length < sizeof(pktHeader)) { + throwException(env, "java/lang/IllegalArgumentException", + "JDWP header is incorrect"); + return; + } + /* * The id field is in big endian (also errorCode field in the case * of reply packets). @@ -195,9 +206,9 @@ } /* - * The length of the JDWP packet is 11 + data + * The length of the JDWP packet is sizeof(pktHeader) + data */ - data_length = total_length - 11; + data_length = total_length - sizeof(pktHeader); if (data_length == 0) { data = NULL; @@ -209,7 +220,7 @@ return; } - (*env)->GetByteArrayRegion(env, b, 11, /*sizeof(CmdPacket)+4*/ data_length, data); + (*env)->GetByteArrayRegion(env, b, sizeof(pktHeader), /*sizeof(CmdPacket)+4*/ data_length, data); if ((*env)->ExceptionOccurred(env)) { free(data); return;
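Review bot: The new guard `if (total_length < sizeof(pktHeader))` in the first hunk compares against a `size_t`, so if `total_length` is a signed integer (its declaration is outside the hunk, but the `(int)` casts suggest it is), a header whose first byte has the high bit set yields a negative length that converts to a large unsigned value and passes the check. The same mixed arithmetic recurs in the second hunk at `data_length = total_length - sizeof(pktHeader);`, where the result would then be negative and reach what is presumably the allocation sized by `data_length`. Comparing in the signed domain, `if (total_length < (int)sizeof(pktHeader))`, rejects those headers; also checking `total_length` against `(*env)->GetArrayLength(env, b)` at that point would bound the allocation by the real array size instead of relying on the later `GetByteArrayRegion` exception. byteArrayToPacket begins and ends outside these hunks, so the variable types and the allocation call should be confirmed against the full function.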