RFR: 8273108: RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276
Scott Gibbons duke at openjdk.java.net
Thu Dec  9 23:54:12 UTC 2021

On Thu, 9 Dec 2021 23:10:00 GMT, Sandhya Viswanathan <sviswanathan at openjdk.org> wrote:
>> The base64 decoder overwrites memory past the end of its output buffer in certain cases.  It will not overwrite if the encoded string length is < 64 bytes.  It also will not overwrite if the encoded string length mod 64 is >= 16.  So the case where it *will* overwrite is when the input string length (the encoded byte length) mod 64 is less than 16.
>> 
>> I also added a test case to detect this overrun.
>
> src/hotspot/cpu/x86/stubGenerator_x86_64.cpp line 6264:
> 
>> 6262:       __ jcc(Assembler::lessEqual, L_finalBit);
>> 6263: 
>> 6264:       __ mov64(rax, 0x0000ffffffffffff);
> 
> The constant should have an l suffix.

I do not believe this is necessary.  There are multiple occurrences of mov64()s without the `l` suffix.  For example, lines 687-688:

    __ mov64(c_rarg3, 0x8000000000000000);
    __ mov64(rax, 0x7fffffffffffffff);

-------------
PR: https://git.openjdk.java.net/jdk/pull/6786
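
The overrun condition described in the quoted PR summary can be checked from Java with guard bytes behind the expected output. The following is an added example, not the test case from the PR; the class name, guard size, canary value and iteration counts are assumptions, and it uses only the public `java.util.Base64` API.

```java
import java.util.Arrays;
import java.util.Base64;

public class Base64OverrunCheck {
    static final int GUARD = 64;             // constructed: spare bytes after the expected output
    static final byte CANARY = (byte) 0xA5;  // constructed: fill value that must survive decoding

    // Encoded lengths the message singles out: at least 64 bytes and (length mod 64) < 16.
    static boolean inReportedRange(int encodedLen) {
        return encodedLen >= 64 && encodedLen % 64 < 16;
    }

    // Decode into an oversized buffer; true only if the output matches and
    // every byte past the decoded length still holds the canary.
    static boolean decodeIsClean(byte[] plain, byte[] encoded) {
        byte[] dst = new byte[plain.length + GUARD];
        Arrays.fill(dst, CANARY);
        int n = Base64.getDecoder().decode(encoded, dst);
        if (n != plain.length || !Arrays.equals(Arrays.copyOf(dst, n), plain)) {
            return false;
        }
        for (int i = n; i < dst.length; i++) {
            if (dst[i] != CANARY) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        int failures = 0;
        // Many rounds so the decode path gets JIT-compiled; an interpreted run
        // would not go through a compiler intrinsic at all.
        for (int round = 0; round < 20_000 && failures == 0; round++) {
            for (int len = 1; len <= 255; len++) {
                byte[] plain = new byte[len];
                for (int i = 0; i < len; i++) plain[i] = (byte) (i * 31 + round);
                byte[] encoded = Base64.getEncoder().encode(plain);
                if (!decodeIsClean(plain, encoded)) {
                    failures++;
                    System.out.printf("FAIL plain=%d encoded=%d reportedRange=%b%n",
                            len, encoded.length, inReportedRange(encoded.length));
                }
            }
        }
        System.out.println(failures == 0 ? "guard bytes intact for all lengths"
                                         : failures + " length(s) failed");
        if (failures > 0) System.exit(1);
    }
}
```

Each failure line reports whether the encoded length falls in the range named in the summary, so a run on an affected build shows whether the failing lengths line up with the stated condition.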