RFR: 8373021: aarch64: MacroAssembler::arrays_equals reads out of bounds
Cesar Soares Lucas
cslucas at openjdk.org
Thu Jan 22 19:24:04 UTC 2026
To protect against unauthorized use of the Oracle email brand, we will be implementing a strict DMARC policy as part of our email security. DMARC (Domain-based Message Authentication, Reporting and Conformance) will help protect against phishing attacks, spam campaigns, and other malicious activities.
With this implementation, emails sent on behalf of ANY Oracle owned domain will be restricted if they fail DMARC compliance.
DMARC Info :
Record= v=DMARC1;p=none;rua=mailto:dmarc_rua at emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf at emaildefense.proofpoint.com;fo=1
Result= none
Questions and more information:
* You may need to take action if you're responsible for email flow from Oracle Cloud, OCI, or acquisition domains. Senders in this category are treated as external emails since they operate outside of Oracle's internal network.
* If you are using the OCI Email Delivery Service, ensure you generate DKIM for your related Header From Domain - refer to https://docs.oracle.com/en-us/iaas/Content/Email/Tasks/configuredkim.htm more info can be found here https://confluence.oraclecorp.com/confluence/display/EMAIL/DMARC+for+Oracle+IT+and+Email+Delivery+Frequently+Asked+Questions
* Refer to the DMARC FAQ https://confluence.oraclecorp.com/confluence/display/OITGLOBAL/DMARC+Global+FAQ to learn more about DMARC, if your emails may be affected, and actions you need to take.
* If you have questions, reach out to the #oracle-owned-domains-dmarc Slack channel.
Thank you in advance for your attention to this matter.
Please review this PR to add back array-length comparison to AArch64 array-equals intrinsic.
[JDK-8331098](https://bugs.openjdk.org/browse/JDK-8331098) removed the direct comparison of both arrays' length but doing so will cause the code to index out of bounds of the array payload. The root cause of the problem is: 1) the main comparison loops only compare the array lengths (indirectly) after reading at least 16 bytes from _both_ arrays; 2) only the length of the first array, `a1`, is checked before the main comparison loop. Consequently, we code may read past the end of the array payload if the second array is shorter than 16 bytes. The result of indexing out of the array bounds is dependent on where the array is allocated and what comes after it: the VM may crash because of segment violation if the object is at the end of the heap (or Eden?) and there is no padding after the object or it can cause the array comparison to be incorrect.
Testing:
- [x] tier1 (+CCP)
- [x] tier1 (-CCP)
- [x] tier2 (+CCP)
- [x] tier2 (-CCP)
-------------
Commit messages:
- Add back length cmp
Changes: https://git.openjdk.org/jdk/pull/29372/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=29372&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8373021
Stats: 6 lines in 1 file changed: 6 ins; 0 del; 0 mod
Patch: https://git.openjdk.org/jdk/pull/29372.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29372/head:pull/29372
PR: https://git.openjdk.org/jdk/pull/29372
More information about the hotspot-dev
mailing list