'Re: RFR: 8259070: Add jcmd option to dump CDS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-serviceability-dev
Subject:    Re: RFR: 8259070: Add jcmd option to dump CDS
From:       Thomas_Stüfe <thomas.stuefe () gmail ! com>
Date:       2021-02-28 5:36:41
Message-ID: CAA-vtUyEWqnZARH308kKmbpzBTkh=Ygkaxotn6rE06-71LW0QQ () mail ! gmail ! com
[Download RAW message or body]

Oh right, then it could get truncated, but should not overflow.

On Sat, Feb 27, 2021 at 7:15 PM Ioi Lam <iklam@openjdk.java.net> wrote:

> On Sat, 27 Feb 2021 05:19:01 GMT, Thomas Stuefe <stuefe@openjdk.org>
> wrote:
>
> >> src/hotspot/share/memory/metaspaceShared.cpp line 799:
> >>
> >>> 797:       if (strstr(file_name, ".jsa") == nullptr) {
> >>> 798:         os::snprintf(filename, sizeof(filename), "%s.jsa",
> file_name);
> >>> 799:         file = filename;
> >>
> >> This could potentially overflow the buffer. I think it's best to just
> leave `file_name` alone. If the user doesn't want the `.jsa` extension,
> that's fine. Similarly, we don't add `.jsa` to `-XX:ArchiveClassesAtExit`
> or `-XX:SharedArchiveFile`.
> >
> > How would it overflow? But I agree, I would not add jsa extension if the
> user did not specify one. I dislike when programs do that.
>
> `file_name` is user input that comes from the jcmd, so it can be
> arbitrarily long and exceed JVM_MAXPATHLEN characters.
>
> -------------
>
> PR: https://git.openjdk.java.net/jdk/pull/2737
>

[Attachment #3 (text/html)]

<div dir="ltr">Oh right, then it could get truncated, but should not \
overflow.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, \
Feb 27, 2021 at 7:15 PM Ioi Lam &lt;<a \
href="mailto:iklam@openjdk.java.net">iklam@openjdk.java.net</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sat, 27 Feb 2021 \
05:19:01 GMT, Thomas Stuefe &lt;<a href="mailto:stuefe@openjdk.org" \
target="_blank">stuefe@openjdk.org</a>&gt; wrote:<br> <br>
&gt;&gt; src/hotspot/share/memory/metaspaceShared.cpp line 799:<br>
&gt;&gt; <br>
&gt;&gt;&gt; 797:           if (strstr(file_name, &quot;.jsa&quot;) == nullptr) {<br>
&gt;&gt;&gt; 798:              os::snprintf(filename, sizeof(filename), \
&quot;%s.jsa&quot;, file_name);<br> &gt;&gt;&gt; 799:              file = \
filename;<br> &gt;&gt; <br>
&gt;&gt; This could potentially overflow the buffer. I think it&#39;s best to just \
leave `file_name` alone. If the user doesn&#39;t want the `.jsa` extension, \
that&#39;s fine. Similarly, we don&#39;t add `.jsa` to `-XX:ArchiveClassesAtExit` or \
`-XX:SharedArchiveFile`.<br> &gt;<br>
&gt; How would it overflow? But I agree, I would not add jsa extension if the user \
did not specify one. I dislike when programs do that.<br> <br>
`file_name` is user input that comes from the jcmd, so it can be arbitrarily long and \
exceed JVM_MAXPATHLEN characters.<br> <br>
-------------<br>
<br>
PR: <a href="https://git.openjdk.java.net/jdk/pull/2737" rel="noreferrer" \
target="_blank">https://git.openjdk.java.net/jdk/pull/2737</a><br> \
</blockquote></div>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic