From 02a77b2c881ab818edcf7e4ae12ad6c8cd082b8f Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 21 Jan 2024 10:02:06 +0300
Subject: [PATCH] svace fixes (authored by nr@kaz-o)

---
 ...-fixes.patch => NAA.001.X509CertImpl.patch | 10 ++++----
 NAA.002.jvmtiClassFileReconstituter.patch     | 11 +++++++++
 NAA.003.jfrThreadSampler.patch                | 24 +++++++++++++++++++
 java-17-openjdk.spec                          | 14 ++++++++---
 4 files changed, 51 insertions(+), 8 deletions(-)
 rename svace-fixes.patch => NAA.001.X509CertImpl.patch (58%)
 create mode 100644 NAA.002.jvmtiClassFileReconstituter.patch
 create mode 100644 NAA.003.jfrThreadSampler.patch

diff --git a/svace-fixes.patch b/NAA.001.X509CertImpl.patch
similarity index 58%
rename from svace-fixes.patch
rename to NAA.001.X509CertImpl.patch
index 9eec801..6bb7c67 100644
--- a/svace-fixes.patch
+++ b/NAA.001.X509CertImpl.patch
@@ -1,8 +1,8 @@
-diff --git a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java
-index 254016d..5f11fdc 100644
---- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java
-+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java
-@@ -749,7 +749,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
+From openjdk v20
+
+--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	2024-01-15 20:12:28.672540868 +0300
++++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	2024-01-15 20:16:15.661742845 +0300
+@@ -749,7 +749,7 @@
          id = attr.getPrefix();
  
          if (id.equalsIgnoreCase(INFO)) {
diff --git a/NAA.002.jvmtiClassFileReconstituter.patch b/NAA.002.jvmtiClassFileReconstituter.patch
new file mode 100644
index 0000000..1e40f32
--- /dev/null
+++ b/NAA.002.jvmtiClassFileReconstituter.patch
@@ -0,0 +1,11 @@
+--- a/src/hotspot/share/prims/jvmtiClassFileReconstituter.cpp	2024-01-15 20:17:22.044947545 +0300
++++ b/src/hotspot/share/prims/jvmtiClassFileReconstituter.cpp	2024-01-15 20:24:39.422251196 +0300
+@@ -458,7 +458,7 @@
+ //  }
+ void JvmtiClassFileReconstituter::write_record_attribute() {
+   Array<RecordComponent*>* components = ik()->record_components();
+-  int number_of_components = components->length();
++  int number_of_components = components ? components->length() : 0;
+ 
+   // Each component has a u2 for name, descr, attribute count
+   int length = sizeof(u2) + (sizeof(u2) * 3 * number_of_components);
diff --git a/NAA.003.jfrThreadSampler.patch b/NAA.003.jfrThreadSampler.patch
new file mode 100644
index 0000000..ed98eb6
--- /dev/null
+++ b/NAA.003.jfrThreadSampler.patch
@@ -0,0 +1,24 @@
+--- a/src/hotspot/share/jfr/periodic/sampling/jfrThreadSampler.cpp	2024-01-15 20:35:13.409882846 +0300
++++ b/src/hotspot/share/jfr/periodic/sampling/jfrThreadSampler.cpp	2024-01-15 20:37:08.895609642 +0300
+@@ -638,14 +638,18 @@
+   if (_instance == NULL && 0 == period) {
+     return;
+   }
+-  instance().set_sampling_interval(true, period);
++  if (_instance) {
++    instance().set_sampling_interval(true, period);
++  }
+ }
+ 
+ void JfrThreadSampling::set_native_sample_interval(size_t period) {
+   if (_instance == NULL && 0 == period) {
+     return;
+   }
+-  instance().set_sampling_interval(false, period);
++  if (_instance) {
++    instance().set_sampling_interval(false, period);
++  }
+ }
+ 
+ void JfrThreadSampling::on_javathread_suspend(JavaThread* thread) {
+
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index eea4af6..ddfd033 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -362,7 +362,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        7
-%global rpmrelease      5
+%global rpmrelease      6
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1363,7 +1363,13 @@ Patch2:    rh1648644-java_access_bridge_privileged_security.patch
 Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
 # Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
-Patch7: svace-fixes.patch
+
+# Fixes of defects found by static analysis by Svace
+# Svace report: https://file-store.rosalinux.ru/download/dacdcae0189446b83ad068f6b46cbc45c44225d2
+Patch301: NAA.001.X509CertImpl.patch
+Patch302: NAA.002.jvmtiClassFileReconstituter.patch
+Patch303: NAA.003.jfrThreadSampler.patch
+
 #############################################
 #
 # OpenJDK patches in need of upstreaming
@@ -1777,7 +1783,9 @@ pushd %{top_level_dir_name}
 %patch2 -p1
 %patch3 -p1
 %patch6 -p1
-%patch7 -p1
+%patch301 -p1
+%patch302 -p1
+%patch303 -p1
 # nss.cfg PKCS11 support; must come last as it also alters java.security
 %patch1000 -p1
 popd # openjdk