8255542: Attribute length of Module, ModulePackages and other attributes is ignored

Reviewed-by: mchung, dfuchs, chegar
2020-12-04 08:59:14 +00:00 · 2020-12-04 08:59:14 +00:00 · 2b4a423fd7
commit 2b4a423fd7
parent ca402671af
8 changed files with 567 additions and 6 deletions
--- a/src/java.base/share/classes/jdk/internal/module/ModuleInfo.java
+++ b/src/java.base/share/classes/jdk/internal/module/ModuleInfo.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -180,7 +180,8 @@ public final class ModuleInfo {
     *         because an identifier is not a legal Java identifier, duplicate
     *         exports, and many other reasons
     */
-    private Attributes doRead(DataInput in) throws IOException {
+    private Attributes doRead(DataInput input) throws IOException {
+        var in = new CountingDataInput(input);

        int magic = in.readInt();
        if (magic != 0xCAFEBABE)
@ -243,8 +244,9 @@ public final class ModuleInfo {
                                              + attribute_name + " attribute");
            }

-            switch (attribute_name) {
+            long initialPosition = in.count();

+            switch (attribute_name) {
                case MODULE :
                    builder = readModuleAttribute(in, cpool, major_version);
                    break;
@ -280,8 +282,15 @@ public final class ModuleInfo {
                    } else {
                        in.skipBytes(length);
                    }
-
            }
+
+            long newPosition = in.count();
+            if ((newPosition - initialPosition) != length) {
+                // attribute length does not match actual attribute size
+                throw invalidModuleDescriptor("Attribute " + attribute_name
+                        + " does not match its expected length");
+            }
+
        }

        // the Module attribute is required
@ -1079,12 +1088,127 @@ public final class ModuleInfo {
        }
    }

+    /**
+     * A DataInput implementation that reads from another DataInput and counts
+     * the number of bytes read.
+     */
+    private static class CountingDataInput implements DataInput {
+        private final DataInput delegate;
+        private long count;
+
+        CountingDataInput(DataInput delegate) {
+            this.delegate = delegate;
+        }
+
+        long count() {
+            return count;
+        }
+
+        @Override
+        public void readFully(byte b[]) throws IOException {
+            delegate.readFully(b, 0, b.length);
+            count += b.length;
+        }
+
+        @Override
+        public void readFully(byte b[], int off, int len) throws IOException {
+            delegate.readFully(b, off, len);
+            count += len;
+        }
+
+        @Override
+        public int skipBytes(int n) throws IOException {
+            int skip = delegate.skipBytes(n);
+            count += skip;
+            return skip;
+        }
+
+        @Override
+        public boolean readBoolean() throws IOException {
+            boolean b = delegate.readBoolean();
+            count++;
+            return b;
+        }
+
+        @Override
+        public byte readByte() throws IOException {
+            byte b = delegate.readByte();
+            count++;
+            return b;
+        }
+
+        @Override
+        public int readUnsignedByte() throws IOException {
+            int i = delegate.readUnsignedByte();
+            count++;
+            return i;
+        }
+
+        @Override
+        public short readShort() throws IOException {
+            short s = delegate.readShort();
+            count += 2;
+            return s;
+        }
+
+        @Override
+        public int readUnsignedShort() throws IOException {
+            int s = delegate.readUnsignedShort();
+            count += 2;
+            return s;
+        }
+
+        @Override
+        public char readChar() throws IOException {
+            char c = delegate.readChar();
+            count += 2;
+            return c;
+        }
+
+        @Override
+        public int readInt() throws IOException {
+            int i = delegate.readInt();
+            count += 4;
+            return i;
+        }
+
+        @Override
+        public long readLong() throws IOException {
+            long l = delegate.readLong();
+            count += 8;
+            return l;
+        }
+
+        @Override
+        public float readFloat() throws IOException {
+            float f = delegate.readFloat();
+            count += 4;
+            return f;
+        }
+
+        @Override
+        public double readDouble() throws IOException {
+            double d = delegate.readDouble();
+            count += 8;
+            return d;
+        }
+
+        @Override
+        public String readLine() {
+            throw new RuntimeException("not implemented");
+        }
+
+        @Override
+        public String readUTF() throws IOException {
+            return DataInputStream.readUTF(this);
+        }
+    }
+
    /**
     * Returns an InvalidModuleDescriptorException with the given detail
     * message
     */
-    private static InvalidModuleDescriptorException
-    invalidModuleDescriptor(String msg) {
+    private static InvalidModuleDescriptorException invalidModuleDescriptor(String msg) {
        return new InvalidModuleDescriptorException(msg);
    }

--- a/test/jdk/java/lang/module/badclasses/BadModuleAttributeLength/Driver.java
+++ b/test/jdk/java/lang/module/badclasses/BadModuleAttributeLength/Driver.java
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8255542
+ * @summary Module attribute has incorrect length
+ * @library ..
+ * @build module-info
+ * @run main CheckBadModuleInfo
+ */
--- a/test/jdk/java/lang/module/badclasses/BadModuleAttributeLength/module-info.jcod
+++ b/test/jdk/java/lang/module/badclasses/BadModuleAttributeLength/module-info.jcod
@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+module  {
+  0xCAFEBABE;
+  0; // minor version
+  55; // version
+  [] { // Constant Pool
+    ; // first element is empty
+    Utf8 "module-info"; // #1
+    class #1; // #2
+    Utf8 "module-info.java"; // #3
+    Utf8 "m"; // #4
+    Module #4; // #5
+    Utf8 "ModuleMainClass"; // #6
+    Utf8 "p/C"; // #7
+    class #7; // #8
+    Utf8 "ModulePackages"; // #9
+    Utf8 "p"; // #10
+    Package #10; // #11
+    Utf8 "java.base"; // #12
+    Module #12; // #13
+    Utf8 "11.0.2"; // #14
+    Utf8 "SourceFile"; // #15
+    Utf8 "Module"; // #16
+  } // Constant Pool
+
+  0x8000; // access
+  #2;// this_cpx
+  #0;// super_cpx
+
+  [] { // Interfaces
+  } // Interfaces
+
+  [] { // Fields
+  } // Fields
+
+  [] { // Methods
+  } // Methods
+
+  [] { // Attributes
+    Attr(#15) { // SourceFile
+      #3;
+    } // end SourceFile
+    ;
+    Attr(#16, 256) { // Module incorrect attribute length
+      #5; // name_index
+      0x0000; // flags
+      #0; // version
+      [] { // requires
+        #13 0x8000 #14;
+      } // requires
+
+      [] { // exports
+      } // exports
+
+      [] { // opens
+      } // opens
+
+      [] { // uses
+      } // uses
+
+      [] { // provides
+      } // provides
+
+    } // end Module
+    ;
+    Attr(#6) { // ModuleMainClass
+      0x0008;
+    } // end ModuleMainClass
+    ;
+    Attr(#9) { // ModulePackages
+      [] {
+        #11;
+      }
+    } // end ModulePackages
+  } // Attributes
+} // end module m
--- a/test/jdk/java/lang/module/badclasses/BadModuleMainAttributeLength/Driver.java
+++ b/test/jdk/java/lang/module/badclasses/BadModuleMainAttributeLength/Driver.java
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8255542
+ * @summary ModuleMain attribute has incorrect length
+ * @library ..
+ * @build module-info
+ * @run main CheckBadModuleInfo
+ */
--- a/test/jdk/java/lang/module/badclasses/BadModuleMainAttributeLength/module-info.jcod
+++ b/test/jdk/java/lang/module/badclasses/BadModuleMainAttributeLength/module-info.jcod
@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+module  {
+  0xCAFEBABE;
+  0; // minor version
+  55; // version
+  [] { // Constant Pool
+    ; // first element is empty
+    Utf8 "module-info"; // #1
+    class #1; // #2
+    Utf8 "module-info.java"; // #3
+    Utf8 "m"; // #4
+    Module #4; // #5
+    Utf8 "ModuleMainClass"; // #6
+    Utf8 "p/C"; // #7
+    class #7; // #8
+    Utf8 "ModulePackages"; // #9
+    Utf8 "p"; // #10
+    Package #10; // #11
+    Utf8 "java.base"; // #12
+    Module #12; // #13
+    Utf8 "11.0.2"; // #14
+    Utf8 "SourceFile"; // #15
+    Utf8 "Module"; // #16
+  } // Constant Pool
+
+  0x8000; // access
+  #2;// this_cpx
+  #0;// super_cpx
+
+  [] { // Interfaces
+  } // Interfaces
+
+  [] { // Fields
+  } // Fields
+
+  [] { // Methods
+  } // Methods
+
+  [] { // Attributes
+    Attr(#15) { // SourceFile
+      #3;
+    } // end SourceFile
+    ;
+    Attr(#16) { // Module
+      #5; // name_index
+      0x0000; // flags
+      #0; // version
+      [] { // requires
+        #13 0x8000 #14;
+      } // requires
+
+      [] { // exports
+      } // exports
+
+      [] { // opens
+      } // opens
+
+      [] { // uses
+      } // uses
+
+      [] { // provides
+      } // provides
+
+    } // end Module
+    ;
+    Attr(#6, 3) { // ModuleMainClass attribute_length 3 instead of 2
+      0x0008;
+    } // end ModuleMainClass
+    ;
+    Attr(#9) { // ModulePackages
+      [] {
+        #11;
+      }
+    } // end ModulePackages
+  } // Attributes
+} // end module m
--- a/test/jdk/java/lang/module/badclasses/BadModulePackagesAttributeLength/Driver.java
+++ b/test/jdk/java/lang/module/badclasses/BadModulePackagesAttributeLength/Driver.java
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8255542
+ * @summary ModulePackages attribute has incorrect length
+ * @library ..
+ * @build module-info
+ * @run main CheckBadModuleInfo
+ */
--- a/test/jdk/java/lang/module/badclasses/BadModulePackagesAttributeLength/module-info.jcod
+++ b/test/jdk/java/lang/module/badclasses/BadModulePackagesAttributeLength/module-info.jcod
@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+module  {
+  0xCAFEBABE;
+  0; // minor version
+  55; // version
+  [] { // Constant Pool
+    ; // first element is empty
+    Utf8 "module-info"; // #1
+    class #1; // #2
+    Utf8 "module-info.java"; // #3
+    Utf8 "m"; // #4
+    Module #4; // #5
+    Utf8 "ModuleMainClass"; // #6
+    Utf8 "p/C"; // #7
+    class #7; // #8
+    Utf8 "ModulePackages"; // #9
+    Utf8 "p"; // #10
+    Package #10; // #11
+    Utf8 "java.base"; // #12
+    Module #12; // #13
+    Utf8 "11.0.2"; // #14
+    Utf8 "SourceFile"; // #15
+    Utf8 "Module"; // #16
+  } // Constant Pool
+
+  0x8000; // access
+  #2;// this_cpx
+  #0;// super_cpx
+
+  [] { // Interfaces
+  } // Interfaces
+
+  [] { // Fields
+  } // Fields
+
+  [] { // Methods
+  } // Methods
+
+  [] { // Attributes
+    Attr(#15) { // SourceFile
+      #3;
+    } // end SourceFile
+    ;
+    Attr(#16) { // Module
+      #5; // name_index
+      0x0000; // flags
+      #0; // version
+      [] { // requires
+        #13 0x8000 #14;
+      } // requires
+
+      [] { // exports
+      } // exports
+
+      [] { // opens
+      } // opens
+
+      [] { // uses
+      } // uses
+
+      [] { // provides
+      } // provides
+
+    } // end Module
+    ;
+    Attr(#6) { // ModuleMainClass
+      0x0008;
+    } // end ModuleMainClass
+    ;
+    Attr(#9, 6) { // ModulePackages attribute_length 6 instead of 4
+      [] {
+        #11;
+      }
+    } // end ModulePackages
+  } // Attributes
+} // end module m
--- a/test/jdk/java/lang/module/badclasses/CheckBadModuleInfo.java
+++ b/test/jdk/java/lang/module/badclasses/CheckBadModuleInfo.java
@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.module.ModuleDescriptor;
+import java.lang.module.InvalidModuleDescriptorException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+/**
+ * Uses the ModuleDescriptor.read API to read the module-info.class in the
+ * ${test.classes} directory and expects InvalidModuleDescriptorException
+ * to be thrown.
+ */
+public class CheckBadModuleInfo {
+    public static void main(String[] args) throws IOException {
+        Path mi = Path.of(System.getProperty("test.classes"), "module-info.class");
+        try (InputStream in = Files.newInputStream(mi)) {
+            try {
+                ModuleDescriptor descriptor = ModuleDescriptor.read(in);
+                System.out.println(descriptor);
+                throw new RuntimeException("InvalidModuleDescriptorException expected");
+            } catch (InvalidModuleDescriptorException e) {
+                // expected
+                System.out.println(e);
+            }
+        }
+    }
+}