[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-serviceability-dev
Subject: Re: RFR: 8259070: Add jcmd option to dump CDS
From: Thomas_Stüfe <thomas.stuefe () gmail ! com>
Date: 2021-02-28 5:36:41
Message-ID: CAA-vtUyEWqnZARH308kKmbpzBTkh=Ygkaxotn6rE06-71LW0QQ () mail ! gmail ! com
[Download RAW message or body]
Oh right, then it could get truncated, but should not overflow.
On Sat, Feb 27, 2021 at 7:15 PM Ioi Lam <iklam@openjdk.java.net> wrote:
> On Sat, 27 Feb 2021 05:19:01 GMT, Thomas Stuefe <stuefe@openjdk.org>
> wrote:
>
> >> src/hotspot/share/memory/metaspaceShared.cpp line 799:
> >>
> >>> 797: if (strstr(file_name, ".jsa") == nullptr) {
> >>> 798: os::snprintf(filename, sizeof(filename), "%s.jsa",
> file_name);
> >>> 799: file = filename;
> >>
> >> This could potentially overflow the buffer. I think it's best to just
> leave `file_name` alone. If the user doesn't want the `.jsa` extension,
> that's fine. Similarly, we don't add `.jsa` to `-XX:ArchiveClassesAtExit`
> or `-XX:SharedArchiveFile`.
> >
> > How would it overflow? But I agree, I would not add jsa extension if the
> user did not specify one. I dislike when programs do that.
>
> `file_name` is user input that comes from the jcmd, so it can be
> arbitrarily long and exceed JVM_MAXPATHLEN characters.
>
> -------------
>
> PR: https://git.openjdk.java.net/jdk/pull/2737
>
[Attachment #3 (text/html)]
<div dir="ltr">Oh right, then it could get truncated, but should not \
overflow.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, \
Feb 27, 2021 at 7:15 PM Ioi Lam <<a \
href="mailto:iklam@openjdk.java.net">iklam@openjdk.java.net</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sat, 27 Feb 2021 \
05:19:01 GMT, Thomas Stuefe <<a href="mailto:stuefe@openjdk.org" \
target="_blank">stuefe@openjdk.org</a>> wrote:<br> <br>
>> src/hotspot/share/memory/metaspaceShared.cpp line 799:<br>
>> <br>
>>> 797: if (strstr(file_name, ".jsa") == nullptr) {<br>
>>> 798: os::snprintf(filename, sizeof(filename), \
"%s.jsa", file_name);<br> >>> 799: file = \
filename;<br> >> <br>
>> This could potentially overflow the buffer. I think it's best to just \
leave `file_name` alone. If the user doesn't want the `.jsa` extension, \
that's fine. Similarly, we don't add `.jsa` to `-XX:ArchiveClassesAtExit` or \
`-XX:SharedArchiveFile`.<br> ><br>
> How would it overflow? But I agree, I would not add jsa extension if the user \
did not specify one. I dislike when programs do that.<br> <br>
`file_name` is user input that comes from the jcmd, so it can be arbitrarily long and \
exceed JVM_MAXPATHLEN characters.<br> <br>
-------------<br>
<br>
PR: <a href="https://git.openjdk.java.net/jdk/pull/2737" rel="noreferrer" \
target="_blank">https://git.openjdk.java.net/jdk/pull/2737</a><br> \
</blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic