On Sat, 27 Feb 2021 05:19:01 GMT, Thomas Stuefe <stu...@openjdk.org> wrote:

>> src/hotspot/share/memory/metaspaceShared.cpp line 799:
>> 
>>> 797:       if (strstr(file_name, ".jsa") == nullptr) {
>>> 798:         os::snprintf(filename, sizeof(filename), "%s.jsa", file_name);
>>> 799:         file = filename;
>> 
>> This could potentially overflow the buffer. I think it's best to just leave 
>> `file_name` alone. If the user doesn't want the `.jsa` extension, that's 
>> fine. Similarly, we don't add `.jsa` to `-XX:ArchiveClassesAtExit` or 
>> `-XX:SharedArchiveFile`.
>
> How would it overflow? But I agree, I would not add jsa extension if the user 
> did not specify one. I dislike when programs do that.

`file_name` is user input that comes from the jcmd, so it can be arbitrarily 
long and exceed JVM_MAXPATHLEN characters.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2737
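
An added example, not code from this thread or from the JDK: the fixed-buffer pattern discussed above, next to a variant that rejects an over-long name instead of using it. It assumes standard `std::snprintf` as a stand-in for `os::snprintf` and a deliberately tiny `kMaxPathLen` in place of `JVM_MAXPATHLEN`; the function names are hypothetical. With standard `snprintf` the write is bounded by the size argument, so the failure an over-long name produces here is silent truncation, which the return value reveals.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Stand-in for JVM_MAXPATHLEN (assumption: kept tiny so the constructed input exceeds it).
constexpr std::size_t kMaxPathLen = 32;

// Pattern from the quoted snippet: format into a fixed buffer and ignore the result.
// Standard snprintf stays inside the buffer but silently truncates the name.
std::string naive_archive_name(const char* file_name) {
  char buf[kMaxPathLen];
  std::snprintf(buf, sizeof(buf), "%s.jsa", file_name);
  return buf;
}

// Checked variant: refuse over-long input rather than use a truncated path.
// Returns false and leaves `out` empty when the result does not fit.
bool checked_archive_name(const char* file_name, std::string& out) {
  char buf[kMaxPathLen];
  int n;
  if (std::strstr(file_name, ".jsa") == nullptr) {
    n = std::snprintf(buf, sizeof(buf), "%s.jsa", file_name);
  } else {
    n = std::snprintf(buf, sizeof(buf), "%s", file_name);
  }
  out.clear();
  // snprintf returns the length it needed; a value >= the buffer size means truncation.
  if (n < 0 || static_cast<std::size_t>(n) >= sizeof(buf)) return false;
  out = buf;
  return true;
}

int main() {
  const std::string long_name(40, 'A');  // constructed over-long jcmd argument
  std::string out;
  std::printf("naive:   %s\n", naive_archive_name(long_name.c_str()).c_str());
  std::printf("checked: %s\n",
              checked_archive_name(long_name.c_str(), out) ? out.c_str() : "(rejected)");
  std::printf("short:   %s\n",
              checked_archive_name("app", out) ? out.c_str() : "(rejected)");
  return 0;
}
```

The naive path returns a 31-character name with no `.jsa` suffix for the 40-character input, so the file that gets written is not the one that was asked for; the checked path reports the condition to the caller.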
