8076475: Misuses of strncpy/strncat

Various small fixes around strncpy and strncat

Reviewed-by: dsamersoff, coleenp

hotspot/agent/src/os/bsd/libproc_impl.c

@@ -215,7 +215,12 @@ lib_info* add_lib_info_fd(struct ps_prochandle* ph, const char* libname, int fd,
     return NULL;
   }
 
-  strncpy(newlib->name, libname, sizeof(newlib->name));
+  if (strlen(libname) >= sizeof(newlib->name)) {
+    print_debug("libname %s too long\n", libname);
+    return NULL;
+  }
+  strcpy(newlib->name, libname);
+
   newlib->base = base;
 
   if (fd == -1) {

hotspot/agent/src/os/linux/libproc_impl.c

@@ -159,7 +159,12 @@ lib_info* add_lib_info_fd(struct ps_prochandle* ph, const char* libname, int fd,
       return NULL;
    }
 
-   strncpy(newlib->name, libname, sizeof(newlib->name));
+   if (strlen(libname) >= sizeof(newlib->name)) {
+     print_debug("libname %s too long\n", libname);
+     return NULL;
+   }
+   strcpy(newlib->name, libname);
+
    newlib->base = base;
 
    if (fd == -1) {

hotspot/src/os/bsd/dtrace/libjvm_db.c

@@ -582,13 +582,14 @@ name_for_methodPtr(jvm_agent_t* J, uint64_t methodPtr, char * result, size_t siz
   CHECK_FAIL(err);
 
   result[0] = '\0';
-  strncat(result, klassString, size);
+  if (snprintf(result, size,
-  size -= strlen(klassString);
+    "%s.%s%s",
-  strncat(result, ".", size);
+    klassString,
-  size -= 1;
+    nameString,
-  strncat(result, nameString, size);
+    signatureString) >= size) {
-  size -= strlen(nameString);
+    // truncation
-  strncat(result, signatureString, size);
+    goto fail;
+  }
 
   if (nameString != NULL) free(nameString);
   if (klassString != NULL) free(klassString);
@@ -1095,9 +1096,9 @@ name_for_nmethod(jvm_agent_t* J,
       CHECK_FAIL(err);
   }
   if (deoptimized) {
-    strncat(result + 1, " [deoptimized frame]; ", size-1);
+    strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
   } else {
-    strncat(result + 1, " [compiled] ", size-1);
+    strncat(result, " [compiled] ", size - strlen(result) - 1);
   }
   if (debug)
       fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",

hotspot/src/os/bsd/vm/decoder_machO.cpp

@@ -97,6 +97,7 @@ bool MachODecoder::decode(address addr, char *buf,
   char * symname = mach_find_in_stringtable((char*) ((uintptr_t)mach_base + stroff), strsize, found_strx);
   if (symname) {
       strncpy(buf, symname, buflen);
+      buf[buflen - 1] = '\0';
       return true;
   }
   DEBUG_ONLY(tty->print_cr("no string or null string found."));

hotspot/src/os/solaris/dtrace/libjvm_db.c

@@ -582,13 +582,14 @@ name_for_methodPtr(jvm_agent_t* J, uint64_t methodPtr, char * result, size_t siz
   CHECK_FAIL(err);
 
   result[0] = '\0';
-  strncat(result, klassString, size);
+  if (snprintf(result, size,
-  size -= strlen(klassString);
+    "%s.%s%s",
-  strncat(result, ".", size);
+    klassString,
-  size -= 1;
+    nameString,
-  strncat(result, nameString, size);
+    signatureString) >= size) {
-  size -= strlen(nameString);
+    // truncation
-  strncat(result, signatureString, size);
+    goto fail;
+  }
 
   if (nameString != NULL) free(nameString);
   if (klassString != NULL) free(klassString);
@@ -1095,9 +1096,9 @@ name_for_nmethod(jvm_agent_t* J,
       CHECK_FAIL(err);
   }
   if (deoptimized) {
-    strncat(result + 1, " [deoptimized frame]; ", size-1);
+    strncat(result, " [deoptimized frame]; ", size - strlen(result) - 1);
   } else {
-    strncat(result + 1, " [compiled] ", size-1);
+    strncat(result, " [compiled] ", size - strlen(result) - 1);
   }
   if (debug)
       fprintf(stderr, "name_for_nmethod: END: method name: %s, vf_cnt: %d\n\n",

hotspot/src/share/tools/hsdis/hsdis.c

@@ -410,6 +410,7 @@ static void parse_caller_options(struct hsdis_app_data* app_data, const char* ca
     }
     p = q;
   }
+  *iop = '\0';
 }
 
 static void print_help(struct hsdis_app_data* app_data,

hotspot/src/share/vm/compiler/compileBroker.hpp

@@ -172,7 +172,8 @@ class CompilerCounters : public CHeapObj<mtCompiler> {
     // these methods should be called in a thread safe context
 
     void set_current_method(const char* method) {
-      strncpy(_current_method, method, (size_t)cmname_buffer_length);
+      strncpy(_current_method, method, (size_t)cmname_buffer_length-1);
+      _current_method[cmname_buffer_length-1] = '\0';
       if (UsePerfData) _perf_current_method->set_value(method);
     }
 

hotspot/src/share/vm/compiler/compilerOracle.cpp

@@ -673,9 +673,7 @@ static MethodMatcher* scan_flag_and_value(const char* type, const char* line, in
       // so read integer and fraction part of double value separately.
       if (sscanf(line, "%*[ \t]%255[0-9]%*[ /\t]%255[0-9]%n", buffer[0], buffer[1], &bytes_read) == 2) {
         char value[512] = "";
-        strncat(value, buffer[0], 255);
+        jio_snprintf(value, sizeof(value), "%s.%s", buffer[0], buffer[1]);
-        strcat(value, ".");
-        strncat(value, buffer[1], 255);
         total_bytes_read += bytes_read;
         return add_option_string(c_name, c_match, m_name, m_match, signature, flag, atof(value));
       } else {

hotspot/src/share/vm/compiler/disassembler.cpp

@@ -300,6 +300,7 @@ address decode_env::handle_event(const char* event, address arg) {
         strlen((const char*)arg) > sizeof(buffer) - 1) {
       // Only print this when the mach changes
       strncpy(buffer, (const char*)arg, sizeof(buffer) - 1);
+      buffer[sizeof(buffer) - 1] = '\0';
       output()->print_cr("[Disassembling for mach='%s']", arg);
     }
   } else if (match(event, "format bytes-per-line")) {

hotspot/src/share/vm/runtime/arguments.cpp

@@ -2714,7 +2714,7 @@ jint Arguments::parse_each_vm_init_arg(const JavaVMInitArgs* args,
 
         char *options = NULL;
         if(pos != NULL) {
-          options = strcpy(NEW_C_HEAP_ARRAY(char, strlen(pos + 1) + 1, mtInternal), pos + 1);
+          options = os::strdup_check_oom(pos + 1, mtInternal);
         }
 #if !INCLUDE_JVMTI
         if (valid_hprof_or_jdwp_agent(name, is_absolute_path)) {
@@ -3314,8 +3314,7 @@ void Arguments::fix_appclasspath() {
       src ++;
     }
 
-    char* copy = AllocateHeap(strlen(src) + 1, mtInternal);
+    char* copy = os::strdup_check_oom(src, mtInternal);
-    strncpy(copy, src, strlen(src) + 1);
 
     // trim all trailing empty paths
     for (char* tail = copy + strlen(copy) - 1; tail >= copy && *tail == separator; tail--) {
@@ -3480,9 +3479,7 @@ jint Arguments::finalize_vm_init_args(SysClassPath* scp_p, bool scp_assembly_req
         }
       } else {
         char buffer[256];
-        const char *key = "java.awt.headless=";
+        jio_snprintf(buffer, sizeof(buffer), "java.awt.headless=%s", headless_env);
-        strcpy(buffer, key);
-        strncat(buffer, headless_env, 256 - strlen(key) - 1);
         if (!add_property(buffer)) {
           return JNI_ENOMEM;
         }
@@ -3645,18 +3642,14 @@ static char* get_shared_archive_path() {
     if (end != NULL) *end = '\0';
     size_t jvm_path_len = strlen(jvm_path);
     size_t file_sep_len = strlen(os::file_separator());
-    shared_archive_path = NEW_C_HEAP_ARRAY(char, jvm_path_len +
+    const size_t len = jvm_path_len + file_sep_len + 20;
-        file_sep_len + 20, mtInternal);
+    shared_archive_path = NEW_C_HEAP_ARRAY(char, len, mtInternal);
     if (shared_archive_path != NULL) {
-      strncpy(shared_archive_path, jvm_path, jvm_path_len + 1);
+      jio_snprintf(shared_archive_path, len, "%s%sclasses.jsa",
-      strncat(shared_archive_path, os::file_separator(), file_sep_len);
+        jvm_path, os::file_separator());
-      strncat(shared_archive_path, "classes.jsa", 11);
     }
   } else {
-    shared_archive_path = NEW_C_HEAP_ARRAY(char, strlen(SharedArchiveFile) + 1, mtInternal);
+    shared_archive_path = os::strdup_check_oom(SharedArchiveFile, mtInternal);
-    if (shared_archive_path != NULL) {
-      strncpy(shared_archive_path, SharedArchiveFile, strlen(SharedArchiveFile) + 1);
-    }
   }
   return shared_archive_path;
 }

hotspot/src/share/vm/utilities/ostream.cpp

@@ -109,7 +109,7 @@ const char* outputStream::do_vsnprintf(char* buffer, size_t buflen,
   }
   if (add_cr) {
     if (result != buffer) {
-      strncpy(buffer, result, buflen);
+      memcpy(buffer, result, result_len);
       result = buffer;
     }
     buffer[result_len++] = '\n';
@@ -334,15 +334,19 @@ void stringStream::write(const char* s, size_t len) {
       assert(rm == NULL || Thread::current()->current_resource_mark() == rm,
              "stringStream is re-allocated with a different ResourceMark");
       buffer = NEW_RESOURCE_ARRAY(char, end);
-      strncpy(buffer, oldbuf, buffer_pos);
+      if (buffer_pos > 0) {
+        memcpy(buffer, oldbuf, buffer_pos);
+      }
       buffer_length = end;
     }
   }
   // invariant: buffer is always null-terminated
   guarantee(buffer_pos + write_len + 1 <= buffer_length, "stringStream oob");
-  buffer[buffer_pos + write_len] = 0;
+  if (write_len > 0) {
-  strncpy(buffer + buffer_pos, s, write_len);
+    buffer[buffer_pos + write_len] = 0;
-  buffer_pos += write_len;
+    memcpy(buffer + buffer_pos, s, write_len);
+    buffer_pos += write_len;
+  }
 
   // Note that the following does not depend on write_len.
   // This means that position and count get updated

hotspot/src/share/vm/utilities/vmError.cpp

@@ -463,14 +463,7 @@ void VMError::report(outputStream* st) {
 #else
          const char *file = _filename;
 #endif
-         size_t len = strlen(file);
+         st->print(" (%s:%d)", file, _lineno);
-         size_t buflen = sizeof(buf);
-
-         strncpy(buf, file, buflen);
-         if (len + 10 < buflen) {
-           sprintf(buf + len, ":%d", _lineno);
-         }
-         st->print(" (%s)", buf);
        } else {
          st->print(" (0x%x)", _id);
        }