RFR: 8279545: Buffer overrun in reverse_words of sharedRuntime_x86_64.cpp:3517
Coleen Phillimore
coleenp at openjdk.java.net
Thu Jan 13 16:34:28 UTC 2022
On Wed, 12 Jan 2022 18:21:52 GMT, Harold Seigel <hseigel at openjdk.org> wrote:
> Please review this small fix to prevent a potential integer overflow that can cause a buffer overrun. The fix was tested with Mach5 tiers 1-2 on Linux, Mac OS, and Windows, Mach5 tiers 3-5 on Linux x64, and Mach5 builds of the JDK on PPC and S390.
>
> Thanks, Harold
src/hotspot/cpu/ppc/sharedRuntime_ppc.cpp line 3249:
> 3247: // overflow. 512 jints corresponds to an 16384-bit integer and
> 3248: // will use here a total of 6k bytes of stack space.
> 3249: guarantee(longwords <= 341, "must be");
I was mystified about this number. Can you make this instead like:
int thing = sizeof (unsigned long) * 3;
guarantee(longwords <= 8192 / thing, "must be");
Or is division just as unsafe?
Should this be uint64_t, not long? Or change it to julong if it's a small change to match the x86 version.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7053
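The bound discussed in this message, as an added example that is not code from the PR or from the JDK: with 64-bit words, 8192 / (sizeof(uint64_t) * 3) is 341, and a check that divides a constant budget cannot wrap, whereas a check that multiplies first can. The function names, the 32-bit size variable and the sample count are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Figures from the review comment above: an 8192-byte budget, three scratch
   arrays. uint64_t stands in for the word type (assumption). */
#define STACK_BUDGET_BYTES 8192u
#define SCRATCH_ARRAYS 3u

/* Largest word count that fits the budget. A constant divided by a small
   positive constant: no overflow, no division by zero. */
static int max_longwords(void) {
    return (int)(STACK_BUDGET_BYTES / (sizeof(uint64_t) * SCRATCH_ARRAYS));
}

/* Unsafe pattern (hypothetical): compute the size in 32 bits, then compare.
   The product wraps modulo 2^32, so a huge count can look small. */
static int fits_by_multiplying_32bit(uint32_t longwords) {
    uint32_t bytes = longwords * (uint32_t)(sizeof(uint64_t) * SCRATCH_ARRAYS);
    return bytes <= STACK_BUDGET_BYTES;
}

/* Safe pattern: reject negative or oversized counts before any multiply. */
static int fits_by_dividing(int longwords) {
    return longwords >= 0 && longwords <= max_longwords();
}

/* Bytes of scratch space needed, or 0 if the count is rejected. */
static size_t scratch_bytes(int longwords) {
    if (!fits_by_dividing(longwords)) return 0;
    return (size_t)longwords * sizeof(uint64_t) * SCRATCH_ARRAYS;
}

int main(void) {
    /* Constructed input: 24 * 178956971 = 2^32 + 8, which wraps to 8. */
    uint32_t huge = 178956971u;
    printf("max_longwords            = %d\n", max_longwords());
    printf("multiply check accepts   = %d\n", fits_by_multiplying_32bit(huge));
    printf("divide check accepts     = %d\n", fits_by_dividing((int)huge));
    printf("scratch_bytes(341)       = %zu\n", scratch_bytes(341));
    return 0;
}
```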