7200499: Better data validation for options

Reviewed-by: darcy, jjh, mschoene
2012-10-16 16:38:38 -07:00 · 2012-10-16 16:38:38 -07:00 · f9122bd3fd
commit f9122bd3fd
parent ef7ede903e
2 changed files with 29 additions and 5 deletions
--- a/jdk/src/share/bin/jli_util.h
+++ b/jdk/src/share/bin/jli_util.h
@ -66,7 +66,7 @@ int     JLI_GetStdArgc();
 #include <io.h>
 #define JLI_StrCaseCmp(p1, p2)          stricmp((p1), (p2))
 #define JLI_StrNCaseCmp(p1, p2, p3)     strnicmp((p1), (p2), (p3))
-#define JLI_Snprintf                    _snprintf
+size_t  JLI_Snprintf(char *buffer, size_t size, const char *format, ...);
 void JLI_CmdToArgs(char *cmdline);
 #define JLI_Lseek                       _lseeki64
 #else  /* NIXES */
--- a/jdk/src/windows/bin/java_md.c
+++ b/jdk/src/windows/bin/java_md.c
@ -101,7 +101,6 @@ int awtPreloadD3D = -1;
 /* funtion in awt.dll (src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp) */
 #define D3D_PRELOAD_FUNC "preloadD3D"

-
 /* Extracts value of a parameter with the specified name
 * from command line argument (returns pointer in the argument).
 * Returns NULL if the argument does not contains the parameter.
@ -276,7 +275,8 @@ LoadMSVCRT()
 #endif
 #ifdef CRT_DLL
        if (GetJREPath(crtpath, MAXPATHLEN)) {
-            if (JLI_StrLen(crtpath) + JLI_StrLen("\\bin\\") + JLI_StrLen(CRT_DLL) >= MAXPATHLEN) {
+            if (JLI_StrLen(crtpath) + JLI_StrLen("\\bin\\") +
+                    JLI_StrLen(CRT_DLL) >= MAXPATHLEN) {
                JLI_ReportErrorMessage(JRE_ERROR11);
                return JNI_FALSE;
            }
@ -347,7 +347,8 @@ GetJVMPath(const char *jrepath, const char *jvmtype,
    if (JLI_StrChr(jvmtype, '/') || JLI_StrChr(jvmtype, '\\')) {
        JLI_Snprintf(jvmpath, jvmpathsize, "%s\\" JVM_DLL, jvmtype);
    } else {
-        JLI_Snprintf(jvmpath, jvmpathsize, "%s\\bin\\%s\\" JVM_DLL, jrepath, jvmtype);
+        JLI_Snprintf(jvmpath, jvmpathsize, "%s\\bin\\%s\\" JVM_DLL,
+                     jrepath, jvmtype);
    }
    if (stat(jvmpath, &s) == 0) {
        return JNI_TRUE;
@ -526,6 +527,29 @@ jlong Counter2Micros(jlong counts)
    return (counts * 1000 * 1000)/counterFrequency.QuadPart;
 }

+/*
+ * windows snprintf does not guarantee a null terminator in the buffer,
+ * if the computed size is equal to or greater than the buffer size,
+ * as well as error conditions, this function guarantees a null terminator
+ * under all these conditions. An unreasonable buffer size will return
+ * an error value.
+ */
+size_t
+JLI_Snprintf(char* buffer, size_t size, const char* format, ...)
+{
+    size_t rc;
+    va_list vl;
+    if (size <= 0)
+        return -1;
+    va_start(vl, format);
+    rc = vsnprintf(buffer, size - 1, format, vl);
+    /* force a null terminator, if something is amiss */
+    if (rc < 0 || rc >= size)
+        buffer[size - 1] = '\0';
+    va_end(vl);
+    return rc;
+}
+
 void
 JLI_ReportErrorMessage(const char* fmt, ...) {
    va_list vl;
@ -880,7 +904,7 @@ unquote(const char *s) {
 */
 void
 ExecJRE(char *jre, char **argv) {
-    int     len;
+    jint     len;
    char    path[MAXPATHLEN + 1];

    const char *progname = GetProgramName();