8268720: Unspecified checks on NameAndType constants should not be performed

Reviewed-by: dholmes, lfoltan
Harold Seigel 2021-06-23 12:11:37 +00:00
parent 2c29d790ca
commit f2e690e0ee
4 changed files with 463 additions and 31 deletions


@ -692,22 +692,25 @@ void ClassFileParser::parse_constant_pool(const ClassFileStream* const stream,
}
} else {
if (_need_verify) {
// Method name and signature are verified above, when iterating NameAndType_info.
// Need only to be sure signature is non-zero length and the right type.
// Method name and signature are individually verified above, when iterating
// NameAndType_info. Need to check here that signature is non-zero length and
// the right type.
if (!Signature::is_method(signature)) {
throwIllegalSignature("Method", name, signature, CHECK);
}
}
// 4509014: If a class method name begins with '<', it must be "<init>"
// If a class method name begins with '<', it must be "<init>" and have void signature.
const unsigned int name_len = name->utf8_length();
if (tag == JVM_CONSTANT_Methodref &&
name_len != 0 &&
name->char_at(0) == JVM_SIGNATURE_SPECIAL &&
name != vmSymbols::object_initializer_name()) {
classfile_parse_error(
"Bad method name at constant pool index %u in class file %s",
name_ref_index, THREAD);
return;
if (tag == JVM_CONSTANT_Methodref && name_len != 0 &&
name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
if (name != vmSymbols::object_initializer_name()) {
classfile_parse_error(
"Bad method name at constant pool index %u in class file %s",
name_ref_index, THREAD);
return;
} else if (!Signature::is_void_method(signature)) { // must have void signature.
throwIllegalSignature("Method", name, signature, CHECK);
}
}
}
break;
@ -2294,6 +2297,7 @@ Method* ClassFileParser::parse_method(const ClassFileStream* const cfs,
int args_size = -1; // only used when _need_verify is true
if (_need_verify) {
verify_legal_name_with_signature(name, signature, CHECK_NULL);
args_size = ((flags & JVM_ACC_STATIC) ? 0 : 1) +
verify_legal_method_signature(name, signature, CHECK_NULL);
if (args_size > MAX_ARGS_SIZE) {
@ -5043,6 +5047,32 @@ void ClassFileParser::verify_legal_field_signature(const Symbol* name,
}
}
// Check that the signature is compatible with the method name. For example,
// check that <init> has a void signature.
void ClassFileParser::verify_legal_name_with_signature(const Symbol* name,
const Symbol* signature,
TRAPS) const {
if (!_need_verify) {
return;
}
// Class initializers cannot have args for class format version >= 51.
if (name == vmSymbols::class_initializer_name() &&
signature != vmSymbols::void_method_signature() &&
_major_version >= JAVA_7_VERSION) {
throwIllegalSignature("Method", name, signature, THREAD);
return;
}
int sig_length = signature->utf8_length();
if (name->utf8_length() > 0 &&
name->char_at(0) == JVM_SIGNATURE_SPECIAL &&
sig_length > 0 &&
signature->char_at(sig_length - 1) != JVM_SIGNATURE_VOID) {
throwIllegalSignature("Method", name, signature, THREAD);
}
}
// Checks if signature is a legal method signature.
// Returns number of parameters
int ClassFileParser::verify_legal_method_signature(const Symbol* name,
@ -5054,14 +5084,6 @@ int ClassFileParser::verify_legal_method_signature(const Symbol* name,
return -2;
}
// Class initializers cannot have args for class format version >= 51.
if (name == vmSymbols::class_initializer_name() &&
signature != vmSymbols::void_method_signature() &&
_major_version >= JAVA_7_VERSION) {
throwIllegalSignature("Method", name, signature, CHECK_0);
return 0;
}
unsigned int args_size = 0;
const char* p = (const char*)signature->bytes();
unsigned int length = signature->utf8_length();
@ -5084,22 +5106,15 @@ int ClassFileParser::verify_legal_method_signature(const Symbol* name,
// The first non-signature thing better be a ')'
if ((length > 0) && (*p++ == JVM_SIGNATURE_ENDFUNC)) {
length--;
if (name->utf8_length() > 0 && name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
// All internal methods must return void
if ((length == 1) && (p[0] == JVM_SIGNATURE_VOID)) {
return args_size;
}
} else {
// Now we better just have a return value
nextp = skip_over_field_signature(p, true, length, CHECK_0);
if (nextp && ((int)length == (nextp - p))) {
return args_size;
}
// Now we better just have a return value
nextp = skip_over_field_signature(p, true, length, CHECK_0);
if (nextp && ((int)length == (nextp - p))) {
return args_size;
}
}
}
// Report error
throwIllegalSignature("Method", name, signature, CHECK_0);
throwIllegalSignature("Method", name, signature, THREAD);
return 0;
}
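Review bot: The special-name return check in the new `verify_legal_name_with_signature` only inspects the last character of a signature that has not been parsed yet, so it is sound only because `parse_method` calls `verify_legal_method_signature` immediately afterwards. That ordering dependency is not written down; I would add a comment above the helper such as `// Only inspects the final character; callers must also run verify_legal_method_signature() to reject malformed descriptors.` The constant-pool path in `parse_constant_pool` expresses the same rule with `Signature::is_void_method(signature)`, and using `!Signature::is_void_method(signature)` here too would keep the two sites from drifting apart, provided it is acceptable for an empty or non-method signature to be rejected at this point rather than one call later. The inner `if (!_need_verify) return;` is also redundant at the only call site shown, which already sits inside `if (_need_verify)`. `parse_method` and `parse_constant_pool` both continue outside the hunks.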


@ -462,6 +462,9 @@ class ClassFileParser {
int verify_legal_method_signature(const Symbol* methodname,
const Symbol* signature,
TRAPS) const;
void verify_legal_name_with_signature(const Symbol* name,
const Symbol* signature,
TRAPS) const;
void verify_class_version(u2 major, u2 minor, Symbol* class_name, TRAPS);


@ -0,0 +1,68 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8268720
* @summary Constant pool NameAndType entries with valid but incompatible method
* name and signature shouldn't cause an exception until referenced by
* a method_ref.
* @compile nonVoidInitSig.jcod
* @run main/othervm -Xverify:remote NameAndTypeSig
*/
// Test constant pool NameAndType descriptors with valid but incompatible method
// names and signatures.
public class NameAndTypeSig {
public static void main(String args[]) throws Throwable {
// Test that an unreferenced NameAndType with a valid name and signature
// is allowed even for name and signature pairs such as <init>()D.
Class newClass = Class.forName("nonVoidInitSig");
// Test that a NameAndType with a valid name and signature is allowed for
// name and signature pairs such as <init>()D, but not allowed by a cp
// Method_ref.
try {
Class newClass2 = Class.forName("nonVoidInitSigCFE");
throw new RuntimeException("Expected ClassFormatError exception not thrown");
} catch (java.lang.ClassFormatError e) {
if (!e.getMessage().contains("Method \"<init>\" in class nonVoidInitSigCFE has illegal signature")) {
throw new RuntimeException("Wrong ClassFormatError exception: " + e.getMessage());
}
}
// Test that a NameAndType with a valid name and invalid signature throws a
// ClassFormatError exception with a message containing the name <init> and
// the bad signature.
try {
Class newClass2 = Class.forName("voidInitBadSig");
throw new RuntimeException("Expected ClassFormatError exception not thrown");
} catch (java.lang.ClassFormatError e) {
if (!e.getMessage().contains("Method \"<init>\" in class voidInitBadSig has illegal signature \"()))V\"")) {
throw new RuntimeException("Wrong ClassFormatError exception: " + e.getMessage());
}
}
System.out.println("Test NameAndTypeSig passed.");
}
}
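Review bot: None of the three cases loads a class whose own method_info declares `<init>` (or `<clinit>`) with an incompatible descriptor, so the check this commit moves into `verify_legal_name_with_signature` on the `parse_method` path is not exercised here; all three fixtures keep `<init>` as `()V` in the Methods table and vary only the constant pool. If no existing test already covers that path, a fourth jcod class with a method named `<init>` and descriptor `()D`, expected to fail with ClassFormatError, would pin the behaviour. A smaller point: `Class newClass` and `Class newClass2` are raw types and never read, so `Class.forName(...)` could be called as a bare statement.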


@ -0,0 +1,346 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// The constant pool in this class contains an unused NameAndType entry (#20)
// that points to method <init> and signature ()D. This is a valid NameAndType
// because <init> is a valid method name and ()D is a valid method signature.
class nonVoidInitSig {
0xCAFEBABE;
0; // minor version
62; // version
[21] { // Constant Pool
; // first element is empty
Method #2 #3; // #1 at 0x0A
class #4; // #2 at 0x0F
NameAndType #5 #6; // #3 at 0x12
Utf8 "java/lang/Object"; // #4 at 0x17
Utf8 "<init>"; // #5 at 0x2A
Utf8 "()V"; // #6 at 0x33
class #8; // #7 at 0x39
Utf8 "nonVoidInitSig"; // #8 at 0x3C
Method #7 #3; // #9 at 0x47
Utf8 "Code"; // #10 at 0x4C
Utf8 "LineNumberTable"; // #11 at 0x53
Utf8 "func"; // #12 at 0x65
Utf8 "([Ljava/lang/String;)V"; // #13 at 0x6C
Utf8 "Exceptions"; // #14 at 0x85
class #16; // #15 at 0x92
Utf8 "java/lang/Throwable"; // #16 at 0x95
Utf8 "SourceFile"; // #17 at 0xAB
Utf8 "nonVoidInitSig.java"; // #18 at 0xB8
Utf8 "()D"; // #19
NameAndType #5 #19; // #20 // Unused, points to <init>()D.
} // Constant Pool
0x0021; // access [ ACC_PUBLIC ACC_SUPER ]
#7;// this_cpx
#2;// super_cpx
[0] { // Interfaces
} // Interfaces
[0] { // Fields
} // Fields
[2] { // Methods
{ // method at 0xD4
0x0001; // access
#5; // name_index : <init>
#6; // descriptor_index : ()V
[1] { // Attributes
Attr(#10, 29) { // Code at 0xDC
1; // max_stack
1; // max_locals
Bytes[5]{
0x2AB70001B1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 6) { // LineNumberTable at 0xF3
[1] { // line_number_table
0 1; // at 0xFF
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
}
;
{ // method at 0xFF
0x0009; // access
#12; // name_index : func
#13; // descriptor_index : ([Ljava/lang/String;)V
[2] { // Attributes
Attr(#10, 37) { // Code at 0x0107
2; // max_stack
2; // max_locals
Bytes[9]{
0xBB000759B700094C;
0xB1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 10) { // LineNumberTable at 0x0122
[2] { // line_number_table
0 4; // at 0x012E
8 5; // at 0x0132
}
} // end LineNumberTable
} // Attributes
} // end Code
;
Attr(#14, 4) { // Exceptions at 0x0132
[1] { // Exceptions
#15; // at 0x013C
}
} // end Exceptions
} // Attributes
}
} // Methods
[1] { // Attributes
Attr(#17, 2) { // SourceFile at 0x013E
#18;
} // end SourceFile
} // Attributes
} // end class nonVoidInitSig
// The constant pool in this class contains a cp NameAndType entry (#3) that
// points to method <init> and signature ()D. This is a valid NameAndType
// because <init> is a valid method name and ()D is a valid method signature.
// But, a cp Methodref (#1) that points to NameAndType with a method named
// <init> and a non-void return type, is invalid.
class nonVoidInitSigCFE {
0xCAFEBABE;
0; // minor version
62; // version
[20] { // Constant Pool
; // first element is empty
Method #2 #3; // #1 at 0x0A
class #4; // #2 at 0x0F
NameAndType #5 #19; // #3 at 0x12
Utf8 "java/lang/Object"; // #4 at 0x17
Utf8 "<init>"; // #5 at 0x2A
Utf8 "()V"; // #6 at 0x33
class #8; // #7 at 0x39
Utf8 "nonVoidInitSigCFE"; // #8 at 0x3C
Method #7 #3; // #9 at 0x47
Utf8 "Code"; // #10 at 0x4C
Utf8 "LineNumberTable"; // #11 at 0x53
Utf8 "func"; // #12 at 0x65
Utf8 "([Ljava/lang/String;)V"; // #13 at 0x6C
Utf8 "Exceptions"; // #14 at 0x85
class #16; // #15 at 0x92
Utf8 "java/lang/Throwable"; // #16 at 0x95
Utf8 "SourceFile"; // #17 at 0xAB
Utf8 "nonVoidInitSigCFE.java"; // #18 at 0xB8
Utf8 "()D"; // #19
} // Constant Pool
0x0021; // access [ ACC_PUBLIC ACC_SUPER ]
#7;// this_cpx
#2;// super_cpx
[0] { // Interfaces
} // Interfaces
[0] { // Fields
} // Fields
[2] { // Methods
{ // method at 0xD4
0x0001; // access
#5; // name_index : <init>
#6; // descriptor_index : ()V
[1] { // Attributes
Attr(#10, 29) { // Code at 0xDC
1; // max_stack
1; // max_locals
Bytes[5]{
0x2AB70001B1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 6) { // LineNumberTable at 0xF3
[1] { // line_number_table
0 1; // at 0xFF
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
}
;
{ // method at 0xFF
0x0009; // access
#12; // name_index : func
#13; // descriptor_index : ([Ljava/lang/String;)V
[2] { // Attributes
Attr(#10, 37) { // Code at 0x0107
2; // max_stack
2; // max_locals
Bytes[9]{
0xBB000759B700094C;
0xB1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 10) { // LineNumberTable at 0x0122
[2] { // line_number_table
0 4; // at 0x012E
8 5; // at 0x0132
}
} // end LineNumberTable
} // Attributes
} // end Code
;
Attr(#14, 4) { // Exceptions at 0x0132
[1] { // Exceptions
#15; // at 0x013C
}
} // end Exceptions
} // Attributes
}
} // Methods
[1] { // Attributes
Attr(#17, 2) { // SourceFile at 0x013E
#18;
} // end SourceFile
} // Attributes
} // end class nonVoidInitSigCFE
// The constant pool in this class contains a cp NameAndType entry (#20) that
// points to method <init> and signature ()))V. This is an invalid NameAndType
// entry and should throw a ClassFormatError exception, with a message containing
// the name <init> and the bad signature, even thought the NameAndType is not
// referenced by a cp Methodref.
class voidInitBadSig {
0xCAFEBABE;
0; // minor version
62; // version
[21] { // Constant Pool
; // first element is empty
Method #2 #3; // #1 at 0x0A
class #4; // #2 at 0x0F
NameAndType #5 #6; // #3 at 0x12
Utf8 "java/lang/Object"; // #4 at 0x17
Utf8 "<init>"; // #5 at 0x2A
Utf8 "()V"; // #6 at 0x33
class #8; // #7 at 0x39
Utf8 "voidInitBadSig"; // #8 at 0x3C
Method #7 #3; // #9 at 0x47
Utf8 "Code"; // #10 at 0x4C
Utf8 "LineNumberTable"; // #11 at 0x53
Utf8 "func"; // #12 at 0x65
Utf8 "([Ljava/lang/String;)V"; // #13 at 0x6C
Utf8 "Exceptions"; // #14 at 0x85
class #16; // #15 at 0x92
Utf8 "java/lang/Throwable"; // #16 at 0x95
Utf8 "SourceFile"; // #17 at 0xAB
Utf8 "voidInitBadSig.java"; // #18 at 0xB8
Utf8 "()))V"; // #19
NameAndType #5 #19; // #20 // Unused, points to <init>()))V.
} // Constant Pool
0x0021; // access [ ACC_PUBLIC ACC_SUPER ]
#7;// this_cpx
#2;// super_cpx
[0] { // Interfaces
} // Interfaces
[0] { // Fields
} // Fields
[2] { // Methods
{ // method at 0xD4
0x0001; // access
#5; // name_index : <init>
#6; // descriptor_index : ()V
[1] { // Attributes
Attr(#10, 29) { // Code at 0xDC
1; // max_stack
1; // max_locals
Bytes[5]{
0x2AB70001B1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 6) { // LineNumberTable at 0xF3
[1] { // line_number_table
0 1; // at 0xFF
}
} // end LineNumberTable
} // Attributes
} // end Code
} // Attributes
}
;
{ // method at 0xFF
0x0009; // access
#12; // name_index : func
#13; // descriptor_index : ([Ljava/lang/String;)V
[2] { // Attributes
Attr(#10, 37) { // Code at 0x0107
2; // max_stack
2; // max_locals
Bytes[9]{
0xBB000759B700094C;
0xB1;
}
[0] { // Traps
} // end Traps
[1] { // Attributes
Attr(#11, 10) { // LineNumberTable at 0x0122
[2] { // line_number_table
0 4; // at 0x012E
8 5; // at 0x0132
}
} // end LineNumberTable
} // Attributes
} // end Code
;
Attr(#14, 4) { // Exceptions at 0x0132
[1] { // Exceptions
#15; // at 0x013C
}
} // end Exceptions
} // Attributes
}
} // Methods
[1] { // Attributes
Attr(#17, 2) { // SourceFile at 0x013E
#18;
} // end SourceFile
} // Attributes
} // end class voidInitBadSig