Integrated: 8373021: aarch64: MacroAssembler::arrays_equals reads out of bounds
Cesar Soares Lucas
cslucas at openjdk.org
Fri Jan 23 17:58:57 UTC 2026
On Thu, 22 Jan 2026 19:16:14 GMT, Cesar Soares Lucas <cslucas at openjdk.org> wrote:
> Please review this PR to add back array-length comparison to AArch64 array-equals intrinsic.
>
> [JDK-8331098](https://bugs.openjdk.org/browse/JDK-8331098) removed the direct comparison of both arrays' length but doing so will cause the code to index out of bounds of the array payload. The root cause of the problem is: 1) the main comparison loops only compare the array lengths (indirectly) after reading at least 16 bytes from _both_ arrays; 2) only the length of the first array, `a1`, is checked before the main comparison loop. Consequently, the code may read past the end of the array payload if the second array is shorter than 16 bytes. The result of indexing out of the array bounds is dependent on where the array is allocated and what comes after it: the VM may crash because of segment violation if the object is at the end of the heap (or Eden?) and there is no padding after the object or it can cause the array comparison to be incorrect.
>
> Testing:
>
> - [x] tier1 (+CCP)
> - [x] tier1 (-CCP)
> - [x] tier2 (+CCP)
> - [x] tier2 (-CCP)
This pull request has now been integrated.
Changeset: 2c3ad0f4
Author: Cesar Soares Lucas <cslucas at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/2c3ad0f425c75332412a5e8e5733dd0d073a09c8
Stats: 6 lines in 1 file changed: 6 ins; 0 del; 0 mod
8373021: aarch64: MacroAssembler::arrays_equals reads out of bounds
Reviewed-by: rkennke, aph
-------------
PR: https://git.openjdk.org/jdk/pull/29372
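The root cause described in the quoted PR text, as an added C model that is not HotSpot's MacroAssembler code: the loop structure, the `byte_array` type, the `load8` helper and the `oob_reads` counter are assumptions made here to show why gating the 16-byte loop on `a1`'s length alone lets a shorter `a2` be read past its payload, and why restoring the up-front length comparison prevents it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the control flow the PR describes, not HotSpot's code.
 * An array is a length plus a payload; each 8-byte load is bounds-checked so
 * a read past the payload is counted instead of performed. */
typedef struct { size_t len; const uint8_t *data; } byte_array;
static size_t oob_reads;   /* loads that would have landed past a payload */

static uint64_t load8(const byte_array *a, size_t off) {
    uint64_t v = 0;
    if (off + 8 > a->len) { oob_reads++; return 0; }
    memcpy(&v, a->data + off, 8);
    return v;
}

/* Main loop as described: 16 bytes are read from BOTH arrays per iteration,
 * the loop is bounded by a1's length only, and lengths are compared after. */
static bool compare_after_loop(const byte_array *a1, const byte_array *a2) {
    size_t off = 0;
    if (a1->len >= 16) {
        do {
            if (load8(a1, off) != load8(a2, off) ||
                load8(a1, off + 8) != load8(a2, off + 8)) return false;
            off += 16;
        } while (off + 16 <= a1->len);
    }
    if (a1->len != a2->len) return false;       /* the late length check */
    for (; off < a1->len; off++)                /* tail; lengths now equal */
        if (a1->data[off] != a2->data[off]) return false;
    return true;
}
/* Before the fix: only a1's length gates entry into the main loop. */
static bool arrays_equals_before(const byte_array *a1, const byte_array *a2) {
    return a1 == a2 || compare_after_loop(a1, a2);
}
/* After the fix: the length comparison is restored ahead of the loop. */
static bool arrays_equals_after(const byte_array *a1, const byte_array *a2) {
    return a1 == a2 || (a1->len == a2->len && compare_after_loop(a1, a2));
}
/* Constructed inputs: a1 is 32 bytes, a2 is a 4-byte prefix of it. Returns
 * how many out-of-bounds loads the given variant performed. */
static size_t oob_loads_for(bool (*eq)(const byte_array *, const byte_array *)) {
    static const uint8_t buf[33] = "0123456789abcdef0123456789abcdef";
    byte_array a1 = { 32, buf }, a2 = { 4, buf };
    oob_reads = 0;
    (void)eq(&a1, &a2);   /* both variants return false for these inputs */
    return oob_reads;
}
```

Running the model under a sanitizer would turn the counted load into a reported read past the 4-byte payload, which is the behaviour the PR fixes.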
More information about the hotspot-dev mailing list