Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8141924 | emb-9 | Dmitry Dmitriev | P3 | Resolved | Fixed | team |
The Arguments::add_property function in src/share/vm/runtime/arguments.cpp is used to add a property.
This function allocates memory for the key and, if a value is passed, for the value:
```cpp
bool Arguments::add_property(const char* prop) {
  ...
  key = AllocateHeap(key_len + 1, mtInternal);
  strncpy(key, prop, key_len);
  key[key_len] = '\0';
  if (eq != NULL) {
    size_t value_len = strlen(prop) - key_len - 1;
    value = AllocateHeap(value_len + 1, mtInternal);
    strncpy(value, &prop[key_len + 1], value_len + 1);
  }
```
The property is updated by calling PropertyList_unique_add and passing 'key' and 'value' to it:
```cpp
bool Arguments::add_property(const char* prop) {
  ...
    _java_vendor_url_bug = value;
  } else if (strcmp(key, "sun.boot.library.path") == 0) {
    PropertyList_unique_add(&_system_properties, key, value, true);
    return true;
  }
  // Create new property and add at the end of the list
  PropertyList_unique_add(&_system_properties, key, value);
  return true;
}
```
The PropertyList_unique_add function looks for an existing property and updates (or appends to) its value, or creates a new property:
```cpp
void Arguments::PropertyList_unique_add(SystemProperty** plist, const char* k, char* v, jboolean append) {
  if (plist == NULL)
    return;
  // If property key exist then update with new value.
  SystemProperty* prop;
  for (prop = *plist; prop != NULL; prop = prop->next()) {
    if (strcmp(k, prop->key()) == 0) {
      if (append) {
        prop->append_value(v);
      } else {
        prop->set_value(v);
      }
      return;
    }
  }
  PropertyList_add(plist, k, v);
}
```
The problem is the following: SystemProperty holds its own copy of the key and value and always copies the data provided to it (when a SystemProperty is created or when it is updated via append_value or set_value). Therefore Arguments::add_property should free 'key' and 'value' after calling PropertyList_unique_add.
Also, Arguments::add_property does not check the return value of AllocateHeap when allocating 'key' and 'value'.
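An added example, not HotSpot code and not part of the original report: a miniature C++ model of the ownership pattern described above, in which the property store copies what it is given, so the caller's temporaries must be released unless a raw pointer to them is kept (as the excerpt's `_java_vendor_url_bug = value;` does). The names `alloc_heap`, `free_heap`, `g_props`, `g_vendor_url_bug`, `live_after` and the key string `java.vendor.url.bug` are assumptions made for the illustration.

```cpp
// Added illustration built from stand-ins; not HotSpot source.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <map>
#include <string>

static long g_live = 0;                             // tracked blocks not yet freed
static const char* g_vendor_url_bug = nullptr;      // keeps the raw pointer it is given
static std::map<std::string, std::string> g_props;  // stores its own copies
static char* alloc_heap(size_t n) {                 // stand-in for AllocateHeap
  char* p = static_cast<char*>(std::malloc(n));
  if (p != nullptr) g_live++;
  return p;
}
static void free_heap(char* p) { if (p != nullptr) { g_live--; std::free(p); } }

// fixed == false keeps the reported behaviour: the temporaries are never released.
static bool add_property(const char* prop, bool fixed) {
  const char* eq = std::strchr(prop, '=');
  size_t key_len = (eq != nullptr) ? static_cast<size_t>(eq - prop) : std::strlen(prop);
  char* key = alloc_heap(key_len + 1);
  if (key == nullptr) return false;                 // allocation result is checked
  std::memcpy(key, prop, key_len);
  key[key_len] = '\0';
  char* value = nullptr;
  if (eq != nullptr) {
    value = alloc_heap(std::strlen(eq + 1) + 1);
    if (value == nullptr) { free_heap(key); return false; }
    std::strcpy(value, eq + 1);
  }
  // Assumed key name; the page's excerpt elides this condition.
  bool retained = value != nullptr && std::strcmp(key, "java.vendor.url.bug") == 0;
  if (retained) g_vendor_url_bug = value;           // pointer escapes, must stay allocated
  g_props[key] = (value != nullptr) ? value : "";   // the store copies key and value
  if (fixed) free_heap(key);
  if (fixed && !retained) free_heap(value);
  return true;
}
// Tracked blocks still allocated after adding `prop` n times.
static long live_after(bool fixed, int n, const char* prop) {
  g_live = 0;
  for (int i = 0; i < n; i++) add_property(prop, fixed);
  return g_live;
}
int main() {
  std::printf("leaky: %ld, fixed: %ld\n", live_after(false, 100, "a.b=c"), live_after(true, 100, "a.b=c"));
}
```

Freeing `value` unconditionally would leave `g_vendor_url_bug` dangling, which is why the retained branch skips the free.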
- backported by: JDK-8141924 Memory leak in Arguments::add_property function (Resolved)
- relates to: JDK-8144197 Possible use after free in Arguments::add_property function (Resolved)