RFR: 8260046: Assert left >= right in pointer_delta() methods
Thomas Schatzl
tschatzl at openjdk.java.net
Mon May 10 09:15:01 UTC 2021
On Sat, 8 May 2021 19:43:21 GMT, Albert Mingkun Yang <ayang at openjdk.org> wrote:
>> src/hotspot/share/gc/g1/g1Allocator.cpp line 460:
>>
>>> 458: // chunk if we don't yet cross the boundary, but the remainder would be too
>>> 459: // small to fill.
>>> 460: HeapWord* new_top = old_top + word_size;
>>
>> Pre-existing but related to the change - What, if anything, prevents the calculation of new_top from overflowing or detects that it happened? The usual way we do such calculations safely involves first checking that `(_max - old_top) <= word_size` or something similar. I don't see anything to prevent that, and if nothing does then the various checks and calculations involving new_top are suspect.
>
> Thanks for pointing this out. A fix at https://github.com/openjdk/jdk/pull/3936
I think the code is "good" but should be fixed - the `word_size` values are never user controlled afaict.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3900
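The overflow concern raised in the quoted review comment, as an added example that is not part of the original thread or the HotSpot sources: a bump-pointer bounds check written add-then-compare versus subtract-then-compare. The names `addr_t`, `fits_unchecked`, `fits_checked`, `bump` and the sample addresses are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed model, not HotSpot code: addresses are unsigned integers so the
// wrap-around is well defined here. On real HeapWord* pointers the same
// overflow is undefined behaviour.
typedef uintptr_t addr_t;
const size_t kWordBytes = sizeof(void*);

// Constructed sample region: 64 words of space left, placed close to the top
// of the address space so that a large request wraps.
const addr_t kOldTop = UINTPTR_MAX - 4095;
const addr_t kMax    = kOldTop + 64 * kWordBytes;

// Add first, compare second: the sum can wrap past zero, land below max,
// and make an oversized request look as if it fits.
bool fits_unchecked(addr_t old_top, addr_t max, size_t word_size) {
  addr_t new_top = old_top + word_size * kWordBytes;  // may wrap
  return new_top <= max;
}

// Subtract first, compare second: the remaining space is computed from two
// in-range addresses, so no intermediate value can wrap.
bool fits_checked(addr_t old_top, addr_t max, size_t word_size) {
  if (old_top > max) return false;  // caller invariant violated
  size_t remaining_words = (max - old_top) / kWordBytes;
  return word_size <= remaining_words;
}

// Bump allocation guarded by the checked test.
// Returns the new top, or 0 when the request does not fit.
addr_t bump(addr_t old_top, addr_t max, size_t word_size) {
  if (!fits_checked(old_top, max, word_size)) return 0;
  return old_top + word_size * kWordBytes;  // cannot wrap: word_size <= remaining
}
```

With the sample region, a 1024-word request passes `fits_unchecked` because the sum wraps, while `fits_checked` rejects it.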