JDK-8170981

Possible access to char array with negative index

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: hotspot
    • Labels: None
    • Subcomponent:
    • Resolved In Build: b156

        Description

        Since 8048093, share/vm/globals.cpp:Flag::print_on(...) imposes a length limit of 50 characters on flag names. Flag names with up to 40 characters are assumed "well-formed". The columnar layout of the PrintFlags* output is designed around that assumption.

        To prevent longer flag names from shifting all remaining columns to the right, the flag value column got some elasticity. For well-formed flag names, a char[11] array of 10 spaces and a terminating '\0' character is printed after the flag value. For flag names with more than 40 characters, the number of spaces is reduced accordingly. This is achieved by replacing the space at index (50-MAX2(40,nameLen)) with a '\0' character. Unfortunately, this code is only protected by an assert(nameLen < 50, "too long").

        When someone invents a flag name with more than 50 characters, you are at risk. To find this bug during testing, you have to use a vm build with ASSERT defined (a non-PRODUCT build), and you have to run this vm with -XX:+PrintFlagsFinal or with -XX:+PrintFlagsInitial.
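The index arithmetic from the description, as an added example in C (not HotSpot code and not the change that resolved this issue). `pad_cut_index` mirrors the expression 50-MAX2(40,nameLen); `pad_cut_index_checked` and `make_padding` are a hypothetical clamped variant, and all function and macro names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PAD_LEN   10   /* spaces in the elastic padding (char[11] incl. '\0') */
#define NAME_SOFT 40   /* "well-formed" flag name length */
#define NAME_HARD 50   /* limit that only the assert enforces */

static int max2(int a, int b) { return a > b ? a : b; }

/* Index that gets overwritten with '\0', exactly as the description states it. */
int pad_cut_index(int name_len) {
    return NAME_HARD - max2(NAME_SOFT, name_len);
}

/* Assumed hardening: clamp the index into [0, PAD_LEN] so the check
 * holds in product builds, where the assert is compiled out. */
int pad_cut_index_checked(int name_len) {
    int idx = pad_cut_index(name_len);
    if (idx < 0) idx = 0;
    if (idx > PAD_LEN) idx = PAD_LEN;
    return idx;
}

/* Build the padding with the clamped index; returns the number of spaces left. */
int make_padding(char out[PAD_LEN + 1], int name_len) {
    memset(out, ' ', PAD_LEN);
    out[PAD_LEN] = '\0';
    out[pad_cut_index_checked(name_len)] = '\0';
    return (int)strlen(out);
}

int main(void) {
    const int lens[] = {12, 40, 45, 50, 51, 64};  /* constructed name lengths */
    char pad[PAD_LEN + 1];
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        /* A negative raw index means a write before the start of the array. */
        printf("nameLen=%2d  raw index=%3d  clamped padding=%2d spaces\n",
               lens[i], pad_cut_index(lens[i]), make_padding(pad, lens[i]));
    }
    return 0;
}
```

Because the raw index first goes negative at nameLen 51, the bounds check has to be a runtime condition rather than an assert for it to protect product builds.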

                People

                Assignee: Lucy Schmidt (lucy)
                Reporter: Goetz Lindenmaier (goetz)