-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 19, 20
-
Component/s: core-libs
-
None
SymbolLookup::libraryLookup(String) doesn't validate the incoming library name. So, the following is possible:
jshell> var lookup = SymbolLookup.libraryLookup("libc.so.6\0foobar", MemorySession.global());
lookup ==> java.lang.foreign.SymbolLookup$$Lambda$20/0x000000080105bce0@4769b07b
jshell> lookup.lookup("strlen");
$5 ==> Optional[MemorySegment{ id=0x6cb06628 limit: 0 }]
As it can be seen, the lookup for "libc.so.6\0foobar" succeds, because, under the hood, the string is truncated to "libc.so.6" which does exist.
The specification of the method should be clarified to throw IAE in such cases.
jshell> var lookup = SymbolLookup.libraryLookup("libc.so.6\0foobar", MemorySession.global());
lookup ==> java.lang.foreign.SymbolLookup$$Lambda$20/0x000000080105bce0@4769b07b
jshell> lookup.lookup("strlen");
$5 ==> Optional[MemorySegment{ id=0x6cb06628 limit: 0 }]
As it can be seen, the lookup for "libc.so.6\0foobar" succeds, because, under the hood, the string is truncated to "libc.so.6" which does exist.
The specification of the method should be clarified to throw IAE in such cases.
