Name: chT40241 Date: 09/17/97
The Problem
When stepping through Java code with long method names or signatures, the native code that decodes frame information is susceptible to crashing. That code (RPI_decode_stack_frame) uses a fixed length buffer as a place to temporarily copy method names and signatures. Long names will overflow the buffer, trashing the stack.
It turns out that the local buffer isn't even necessary. Here's a diff for a fix we have made on our copy of the source.
*** c:\temp\agent.c Tue Sep 16 10:49:43 1997
--- d:\jdk1.1.4\src\share\sun\debug\agent.c Tue Sep 16 10:48:38 1997
***************
*** 288,293 ****
--- 288,294 ----
int nLocalVars;
struct localvar *lv;
Hsun_tools_debug_LineNumber *ln;
+ char *namePtr; /* GVH SAS2 string overflow */
/* a normal method */
ClassClass *cb = fieldclass(&mb->fb);
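Review bot: the new `namePtr` local carries only the change tag `GVH SAS2 string overflow` as its comment, which records who changed it rather than why; a comment such as `/* points at the VM-owned name/sig, so no copy into buf is needed */` would explain the declaration to the next reader. Consider declaring it `const char *` if fieldname()/fieldsig() return strings that must not be modified through this pointer.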
***************
*** 295,304 ****
*clazz = cbHandle(cb);
classname2string(cbName(cb), buf, sizeof(buf));
*className = makeJavaString(buf, strlen(buf));
! strcpy(buf, fieldname(&mb->fb));
! *methodName = makeJavaString(buf, strlen(buf));
! strcpy(buf, fieldsig(&mb->fb));
! *methodSignature = makeJavaString(buf, strlen(buf));
*pc = frame->lastpc - mb->code;
*pcAbsolute = (int32_t)frame->lastpc;
*lineno = (int32_t)pc2lineno(mb, *pc);
--- 296,305 ----
*clazz = cbHandle(cb);
classname2string(cbName(cb), buf, sizeof(buf));
*className = makeJavaString(buf, strlen(buf));
! namePtr = fieldname(&mb->fb); /* GVH SAS2 string overflow */
! *methodName = makeJavaString(namePtr, strlen(namePtr)); /* GVH SAS2 string overflow */
! namePtr = fieldsig(&mb->fb); /* GVH SAS2 string overflow */
! *methodSignature = makeJavaString(namePtr, strlen(namePtr)); /* GVH SAS2 string overflow */
*pc = frame->lastpc - mb->code;
*pcAbsolute = (int32_t)frame->lastpc;
*lineno = (int32_t)pc2lineno(mb, *pc);
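Review bot: the class name still passes through the fixed buffer in `classname2string(cbName(cb), buf, sizeof(buf));`, so this hunk removes two of the three writers into `buf`; confirm that classname2string honours the size it is given and truncates a long class name rather than overflowing, otherwise the same stack corruption remains reachable through a long class name. Passing `fieldname(&mb->fb)` and `fieldsig(&mb->fb)` straight to makeJavaString is fine as long as makeJavaString copies the characters rather than retaining the pointer; the change-tag comment repeated on all four lines could be replaced by one line stating that the strcpy into `buf` was dropped to avoid the overflow.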
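To show the shape of the fix outside the JDK tree, here is an added C example (not JDK code and not the submitter's patch) that models the decoder with a deliberately small fixed buffer: the class name goes through a bounded, size-taking conversion, while the method name and signature are referenced in place and never copied into the buffer. The `method_block` struct, `make_java_string` and this `classname2string` are stand-ins I constructed for the example, not the real JDK routines.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for the VM's method block (constructed for this example). */
struct method_block {
    const char *class_name;  /* internal form, e.g. "java/lang/String" */
    const char *name, *sig;  /* method name and signature, owned by the VM */
};
/* Stand-in for makeJavaString: copies len bytes into a fresh string. */
char *make_java_string(const char *s, size_t len) {
    char *out = malloc(len + 1);
    if (out == NULL) return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Bounded '/' -> '.' conversion in the shape of classname2string taking
   sizeof(buf): never writes past dst[size-1]; returns 1 if truncated. */
int classname2string(const char *src, char *dst, size_t size) {
    size_t i = 0;
    if (size == 0) return 1;
    for (; src[i] != '\0' && i + 1 < size; i++)
        dst[i] = (src[i] == '/') ? '.' : src[i];
    dst[i] = '\0';
    return src[i] != '\0';
}

/* Fixed decoder: name and signature are referenced in place, so the only
   writer into the fixed buffer is the bounded conversion above. */
int decode_stack_frame(const struct method_block *mb,
                       char **cls, char **meth, char **sig) {
    char buf[64];  /* kept small; a strcpy of a long name into it was the bug */
    classname2string(mb->class_name, buf, sizeof buf);
    *cls = make_java_string(buf, strlen(buf));
    *meth = make_java_string(mb->name, strlen(mb->name));
    *sig = make_java_string(mb->sig, strlen(mb->sig));
    return (*cls && *meth && *sig) ? 0 : -1;
}

/* Constructed check: a 1000-char method name survives intact while the
   class name stays inside the 64-byte buffer. Returns 0 on success. */
int check_long_method_name(void) {
    static char longname[1001];
    struct method_block mb = { "java/lang/String", longname, "()V" };
    char *c, *m, *s; int ok;
    memset(longname, 'm', 1000); longname[1000] = '\0';
    if (decode_stack_frame(&mb, &c, &m, &s) != 0) return -1;
    ok = strlen(m) == 1000 && !strcmp(c, "java.lang.String") && !strcmp(s, "()V");
    free(c); free(m); free(s);
    return ok ? 0 : -1;
}
```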
======================================================================
jeff.hsiao@Eng 1997-10-17
No specific test case available. Implicitly tested, closed with exposure.