infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-15 21:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

6902299: Java JAR "unpack200" must verify input parameters

Browse Source 
Added several checks for addition of values before memory allocation

Reviewed-by: asaha
This commit is contained in:
Kumar Srinivasan 2010-02-22 14:33:19 -08:00
parent 2597796924
commit 1fe66fbda7
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp
View File

@ -40,7 +40,7 @@ bool bytes::inBounds(const void* p) {
void bytes::malloc(size_t len_) {
len = len_;
ptr = NEW(byte, len_+1); // add trailing zero byte always
ptr = NEW(byte, add_size(len_, 1)); // add trailing zero byte always
if (ptr == null) {
// set ptr to some victim memory, to ease escape
set(dummy, sizeof(dummy)-1);
@ -56,7 +56,7 @@ void bytes::realloc(size_t len_) {
return;
}
byte* oldptr = ptr;
ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, len_+1);
ptr = (len_ >= PSIZE_MAX) ? null : (byte*)::realloc(ptr, add_size(len_, 1));
if (ptr != null) {
mtrace('r', oldptr, 0);
mtrace('m', ptr, len_+1);

17
jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
View File

@ -507,7 +507,7 @@ void* unpacker::alloc_heap(size_t size, bool smallOK, bool temp) {
maybe_inline
void unpacker::saveTo(bytes& b, byte* ptr, size_t len) {
b.ptr = U_NEW(byte, len+1);
b.ptr = U_NEW(byte, add_size(len,1));
if (aborting()) {
b.len = 0;
return;
@ -1154,7 +1154,7 @@ void unpacker::read_Utf8_values(entry* cpMap, int len) {
*fillp = 0; // bigbuf must contain a well-formed Utf8 string
int length = (int)(fillp - bigbuf.ptr);
bytes& value = cpMap[i].value.b;
value.set(U_NEW(byte, length+1), length);
value.set(U_NEW(byte, add_size(length,1)), length);
value.copyFrom(bigbuf.ptr, length);
CHECK;
// Index all Utf8 strings
@ -1626,7 +1626,7 @@ unpacker::attr_definitions::popBody(int bs_base) {
return no_bands;
} else {
int nb = bs_limit - bs_base;
band** res = U_NEW(band*, nb+1);
band** res = U_NEW(band*, add_size(nb, 1));
CHECK_(no_bands);
for (int i = 0; i < nb; i++) {
band* b = (band*) band_stack.get(bs_base + i);
@ -1735,7 +1735,7 @@ unpacker::attr_definitions::parseLayout(const char* lp, band** &res,
}
// save away the case labels
int ntags = band_stack.length() - case_base;
int* tags = U_NEW(int, 1+ntags);
int* tags = U_NEW(int, add_size(ntags, 1));
CHECK_(lp);
k_case.le_casetags = tags;
*tags++ = ntags;
@ -3139,8 +3139,8 @@ void cpool::initMemberIndexes() {
int* field_counts = T_NEW(int, nclasses);
int* method_counts = T_NEW(int, nclasses);
cpindex* all_indexes = U_NEW(cpindex, nclasses*2);
entry** field_ix = U_NEW(entry*, nfields+nclasses);
entry** method_ix = U_NEW(entry*, nmethods+nclasses);
entry** field_ix = U_NEW(entry*, add_size(nfields, nclasses));
entry** method_ix = U_NEW(entry*, add_size(nmethods, nclasses));
for (j = 0; j < nfields; j++) {
entry& f = fields[j];
@ -4132,7 +4132,7 @@ int unpacker::write_attrs(int attrc, julong indexBits) {
}
const char* suffix = ".java";
int len = (int)(prefix.len + strlen(suffix));
bytes name; name.set(T_NEW(byte, len + 1), len);
bytes name; name.set(T_NEW(byte, add_size(len, 1)), len);
name.strcat(prefix).strcat(suffix);
ref = cp.ensureUtf8(name);
}
@ -4647,7 +4647,7 @@ unpacker::file* unpacker::get_next_file() {
bytes& prefix = cur_class->ref(0)->value.b;
const char* suffix = ".class";
int len = (int)(prefix.len + strlen(suffix));
bytes name; name.set(T_NEW(byte, len + 1), len);
bytes name; name.set(T_NEW(byte, add_size(len, 1)), len);
cur_file.name = name.strcat(prefix).strcat(suffix).strval();
}
} else {
@ -4714,6 +4714,7 @@ void unpacker::write_file_to_jar(unpacker::file* f) {
input.ensureSize(fleft);
}
rplimit = rp = input.base();
CHECK;
input.setLimit(rp + fleft);
if (!ensure_input(fleft))
abort("EOF reading resource file");