Bug
Resolution: Fixed
P4
11, 20, 21
b24
linux, os_x
Verified
jspawnhelper gets handed several file descriptors as arguments. The buffer size for this string is too small (7 chars per fd) to print out every conceivable int. This will overrun the buffer if we happen to have fds larger than (printed size) 7 characters. This could lead to crashes or malfunctions if the parent VM has opened a large number of file descriptors.
Note that on Linux, this can normally not happen since the kernel limits the number of open file descriptors per process to 1M, and these fds are still printable within the limits of this buffer. It is possible to get more fds per process, but only via kernel patch. But we still should not rely on that. And there is also still MacOS using the same mechanism.
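The sizing problem described above, as an added example in C that is not the JDK's own code: it formats descriptors with a bounds check, once into a buffer budgeted at 7 characters per fd and once into a buffer sized for any int. The colon-separated layout, the name `format_fds`, the `OLD_SIZE`/`NEW_SIZE` macros and the sample descriptor values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: n descriptors joined by ':' plus a terminating NUL. */
#define CHARS_PER_FD_OLD 7                      /* budget named in the report */
#define INT_DEC_WIDTH    (3 * sizeof(int) + 1)  /* safe upper bound: sign + digits */
#define OLD_SIZE(n) ((n) * CHARS_PER_FD_OLD + (n))
#define NEW_SIZE(n) ((n) * INT_DEC_WIDTH + (n))

/* Format fds as "a:b:c" into buf. Returns the string length, or -1 if it
 * would not fit; on failure buf is left empty and nothing is overrun. */
int format_fds(char *buf, size_t size, const int *fds, size_t n)
{
    size_t used = 0;
    if (size == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        const char *sep = i ? ":" : "";
        int w = snprintf(buf + used, size - used, "%s%d", sep, fds[i]);
        if (w < 0 || (size_t)w >= size - used) {  /* truncated: refuse */
            buf[0] = '\0';
            return -1;
        }
        used += (size_t)w;
    }
    return (int)used;
}

int main(void)
{
    /* Constructed sample values, not taken from a real process. */
    int within_1m[3] = { 1048575, 1048574, 1048573 };    /* 7 digits each */
    int above_1m[3]  = { 10000000, 10000001, 10000002 }; /* 8 digits each */
    char old_buf[OLD_SIZE(3)];
    char new_buf[NEW_SIZE(3)];

    printf("old buffer, 7-digit fds: %d\n",
           format_fds(old_buf, sizeof old_buf, within_1m, 3));
    printf("old buffer, 8-digit fds: %d\n",
           format_fds(old_buf, sizeof old_buf, above_1m, 3));
    printf("new buffer, 8-digit fds: %d (%s)\n",
           format_fds(new_buf, sizeof new_buf, above_1m, 3), new_buf);
    return 0;
}
```

With an unchecked `sprintf` in place of the bounded call, the second case is the one that writes past the end of the 7-characters-per-fd buffer.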
Relates to: JDK-8307990 jspawnhelper must close its writing side of a pipe before reading from it (Closed)