RFR: 8279545: Buffer overrun in reverse_words of sharedRuntime_x86_64.cpp:3517
Harold Seigel
hseigel at openjdk.java.net
Thu Jan 13 18:17:23 UTC 2022
On Thu, 13 Jan 2022 16:28:14 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
>> Please review this small fix to prevent a potential integer overflow that can cause a buffer overrun. The fix was tested with Mach5 tiers 1-2 on Linux, Mac OS, and Windows, Mach5 tiers 3-5 on Linux x64, and Mach5 builds of the JDK on PPC and S390.
>>
>> Thanks, Harold
>
> src/hotspot/cpu/ppc/sharedRuntime_ppc.cpp line 3249:
>
>> 3247: // overflow. 512 jints corresponds to an 16384-bit integer and
>> 3248: // will use here a total of 6k bytes of stack space.
>> 3249: guarantee(longwords <= 341, "must be");
>
> I was mystified about this number. Can you make this instead like:
>
> int thing = sizeof (unsigned long) * 3;
> guarantee(longwords <= 8192 / thing, "must be");
>
> Or is division just as unsafe?
>
> Should this be uint64_t, not long? Or change it to julong if it's a small change to match the x86 version.
How about just: guarantee(longwords <= 8092 / (sizeof(julong) * 3), "must be"); ?
I don't think that doing division is a problem.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7053
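As an added illustration (not the patch under review and not JDK code), the division-based bound Coleen suggests next to a byte-count computed in 32 bits that wraps; the 8192-byte budget and the factor of three arrays are taken from the quoted comments, and julong is assumed to be a 64-bit unsigned integer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

typedef uint64_t julong;   /* assumption: HotSpot's julong is 64-bit unsigned */

/* Constructed constants from the review thread: three scratch arrays of
   longwords julongs each must fit in 8192 bytes of stack. */
#define STACK_BUDGET_BYTES 8192u
#define SCRATCH_ARRAYS 3u

/* Largest longwords count that keeps all three arrays within the budget.
   Dividing the budget by the per-word cost cannot overflow, unlike a
   multiplication of a caller-supplied count. Yields 341 for 8-byte julongs. */
size_t max_longwords(void) {
  return STACK_BUDGET_BYTES / (sizeof(julong) * SCRATCH_ARRAYS);
}

/* The check a guarantee() would perform: true when the scratch space fits. */
bool longwords_fit(size_t longwords) {
  return longwords <= max_longwords();
}

/* Hazard for comparison (constructed, not the original code): multiplying the
   count in 32 bits wraps modulo 2^32, so a huge count can produce a small
   byte total and pass the comparison, leaving the stack buffers far too short. */
bool longwords_fit_wrapping(uint32_t longwords) {
  uint32_t bytes = longwords * (uint32_t)sizeof(julong) * SCRATCH_ARRAYS;
  return bytes <= STACK_BUDGET_BYTES;
}
```

With longwords = 2^30 the wrapping variant computes 24 * 2^30, which is exactly 6 * 2^32 and wraps to 0 bytes, so it wrongly accepts a count the division-based check rejects.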