- Bug
- Resolution: Fixed
- P3
- 11, 12
- b21
- generic
- linux
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8232661 | 11.0.6-oracle | Ichiroh Takiguchi | P3 | Resolved | Fixed | b02 |
JDK-8224271 | 11.0.4 | Ichiroh Takiguchi | P3 | Resolved | Fixed | b04 |
In the following JNI code, the 4th parameter should be the String length.
(*env)->GetStringUTFRegion(env, filename, 0, len, filename_str);
In src/java.desktop/unix/native/libawt_xawt/awt/awt_UNIXToolkit.c, the UTF-8 length is specified as the 4th parameter.
If the String contains non-ASCII characters, a StringIndexOutOfBoundsException occurs.
The test result is as follows:
$ java GTKIconTestA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKIconTestA
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
abc=false
Exception in thread "main" java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at GTKIconTestA.main(GTKIconTestA.java:15)
Caused by: java.lang.StringIndexOutOfBoundsException
at java.desktop/sun.awt.UNIXToolkit.load_gtk_icon(Native Method)
... 5 more
If the String length is specified:
$ java GTKIconTestA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKIconTestA (file:xxxxxx) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKIconTestA
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
abc=false
\u3042=false
The same kind of code is in src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c
For src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c,
if I applied the following debug code, I could see a buffer overflow.
==============================
diff -r a43d6467317d src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c
--- a/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c Wed May 01 14:35:28 2019 -0700
+++ b/src/java.desktop/unix/native/libawt_xawt/awt/swing_GTKEngine.c Tue May 07 13:01:03 2019 +0900
@@ -26,6 +26,8 @@
#include <stdlib.h>
#include "gtk_interface.h"
#include "com_sun_java_swing_plaf_gtk_GTKEngine.h"
+#include <unistd.h>
+#include <string.h>
/* Static buffer for conversion from java.lang.String to UTF-8 */
static char conversionBuffer[CONV_BUFFER_SIZE];
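Review bot: the two includes added at the top of the file do not cover what the debug code in the next hunk calls. fprintf and fflush are declared in <stdio.h>, which this hunk neither adds nor shows among its context lines, and nothing in the visible lines uses <unistd.h>. Suggest adding <stdio.h> in place of <unistd.h> and keeping <string.h> for strlen.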
@@ -39,6 +41,8 @@
}
(*env)->GetStringUTFRegion(env, val, 0, length, conversionBuffer);
+ fprintf(stderr, "sizeof=%d, strlen=%d\n", sizeof(conversionBuffer), strlen(conversionBuffer));
+ fflush(stderr);
return conversionBuffer;
}
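Review bot: the added fprintf passes sizeof(conversionBuffer) and strlen(conversionBuffer), both of type size_t, to %d conversions; use %zu for both. Measuring with strlen after the GetStringUTFRegion call also means reading past the end of conversionBuffer once it has been overrun, so the diagnostic would be more dependable if it printed length and the GetStringUTFLength result before the copy instead.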
==============================
$ java GTKEngineTest
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by GTKEngineTest (file:/home/isel/sandbox/jdk/) to method sun.awt.UNIXToolkit.loadGTK()
WARNING: Please consider reporting this to the maintainers of GTKEngineTest
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
sizeof=128, strlen=381
obj=null
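The length mismatch described above, as an added example that is not code from the JDK or from the bug reporter: a self-contained C model of the two JNI calls showing that the 4th parameter counts UTF-16 chars while the destination buffer must be sized in modified UTF-8 bytes. The `model_*` functions, the error codes and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes one UTF-16 code unit takes in JNI's modified UTF-8. */
static size_t unit_len(uint16_t c) {
    if (c >= 0x0001 && c <= 0x007F) return 1;
    return c <= 0x07FF ? 2 : 3;   /* U+0000 takes 2; surrogates 3 each */
}

/* Model of GetStringUTFLength: encoded bytes, terminator not counted. */
size_t model_utf_length(const uint16_t *s, size_t nchars) {
    size_t n = 0;
    for (size_t i = 0; i < nchars; i++) n += unit_len(s[i]);
    return n;
}

#define ERR_INDEX (-1)  /* start/len outside the string: the JVM throws */
#define ERR_SPACE (-2)  /* destination too small: only the caller can check */
/* Model of GetStringUTFRegion: start/len count UTF-16 chars, cap counts bytes. */
long model_utf_region(const uint16_t *s, size_t nchars, size_t start,
                      size_t len, char *buf, size_t cap) {
    if (start > nchars || len > nchars - start) return ERR_INDEX;
    if (model_utf_length(s + start, len) + 1 > cap) return ERR_SPACE;
    size_t o = 0;
    for (size_t i = start; i < start + len; i++) {
        uint16_t c = s[i];
        size_t n = unit_len(c);
        if (n == 1) {
            buf[o++] = (char)c;
        } else if (n == 2) {
            buf[o++] = (char)(0xC0 | (c >> 6));
            buf[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            buf[o++] = (char)(0xE0 | (c >> 12));
            buf[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            buf[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    buf[o] = '\0';  /* model choice: always terminate the output */
    return (long)o;
}

int main(void) {
    const uint16_t a[] = { 0x3042 };  /* constructed sample: "\u3042" */
    char buf[128];
    long bad = model_utf_region(a, 1, 0, model_utf_length(a, 1), buf, sizeof buf);
    long ok = model_utf_region(a, 1, 0, 1, buf, sizeof buf);
    return !(bad == ERR_INDEX && ok == 3);  /* UTF-8 length as len fails */
}
```

For an all-ASCII string such as "abc" the two lengths are equal, which is why only the non-ASCII input fails in the test output above.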
- backported by
  - JDK-8224271 StringIndexOutOfBoundsException happens via GetStringUTFRegion() (Resolved)
  - JDK-8232661 StringIndexOutOfBoundsException happens via GetStringUTFRegion() (Resolved)