RFR: 8333639: ubsan: cppVtables.cpp:81:55: runtime error: index 14 out of bounds for type 'long int [1]'

Martin Doerr mdoerr at openjdk.org
Mon Jun 10 13:34:22 UTC 2024


On Mon, 10 Jun 2024 13:15:17 GMT, Axel Boldt-Christmas <aboldtch at openjdk.org> wrote:

>> We shouldn't specify a wrong array length, which causes undefined behavior. Using a "flexible array member".
>
> I thought flexible array members were a C-only thing.
> 
> I did something along the lines of this when I was experimenting with UBSan. Not sure if it is any better, but it does not use language extensions. Not sure if it is ok to look beyond the object through an `intptr_t*`. But at least it is not through an `intptr_t[1]`.
> 
> 
> diff --git a/src/hotspot/share/cds/cppVtables.cpp b/src/hotspot/share/cds/cppVtables.cpp
> index c339ce9c0de..55332dc484e 100644
> --- a/src/hotspot/share/cds/cppVtables.cpp
> +++ b/src/hotspot/share/cds/cppVtables.cpp
> @@ -66,19 +66,19 @@
>  
>  class CppVtableInfo {
>    intptr_t _vtable_size;
> -  intptr_t _cloned_vtable[1];
> +  intptr_t _cloned_vtable;
>  public:
>    static int num_slots(int vtable_size) {
>      return 1 + vtable_size; // Need to add the space occupied by _vtable_size;
>    }
>    int vtable_size()           { return int(uintx(_vtable_size)); }
>    void set_vtable_size(int n) { _vtable_size = intptr_t(n); }
> -  intptr_t* cloned_vtable()   { return &_cloned_vtable[0]; }
> -  void zero()                 { memset(_cloned_vtable, 0, sizeof(intptr_t) * vtable_size()); }
> +  intptr_t* cloned_vtable()   { return &_cloned_vtable; }
> +  void zero()                 { memset(&_cloned_vtable, 0, sizeof(intptr_t) * vtable_size()); }
>    // Returns the address of the next CppVtableInfo that can be placed immediately after this CppVtableInfo
>    static size_t byte_size(int vtable_size) {
>      CppVtableInfo i;
> -    return pointer_delta(&i._cloned_vtable[vtable_size], &i, sizeof(u1));
> +    return pointer_delta(&i.cloned_vtable()[vtable_size], &i, sizeof(u1));
>    }
>  };
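Review bot: `byte_size` still forms a pointer `vtable_size` elements past a scalar member of the stack-local `CppVtableInfo i`, so the hunk only moves the out-of-bounds access from an `intptr_t[1]` to an `intptr_t*`: UBSan's array-bounds check no longer has a bound to compare against, but `&i.cloned_vtable()[vtable_size]` is still pointer arithmetic beyond the end of the object (for a scalar member only `&_cloned_vtable + 1` is a valid pointer), which remains undefined behaviour in C++. Suggest computing the size arithmetically instead, e.g. `return offsetof(CppVtableInfo, _cloned_vtable) + vtable_size * sizeof(intptr_t);`, or `return sizeof(intptr_t) * num_slots(vtable_size);` given that `num_slots` already counts the `_vtable_size` word; neither needs a stack object. A comment on `_cloned_vtable` stating that the object is always allocated with `byte_size(vtable_size)` bytes, and that the `memset` in `zero()` deliberately writes past the member into that trailing storage, would also help the next reader.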

@xmas92: Thanks! I have implemented a similar emulation for "flexible array members". Not sure which one is better.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/19623#issuecomment-2158390144
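As an added example, not the JDK's code and not either patch under discussion: the trailing-slot layout that CppVtableInfo relies on, emulated without a one-element member array. `SlotTable`, `place`, `end`, `clone`, `release` and `pack_two_tables_demo` are names chosen here for illustration. The slot base is derived as a byte offset into the allocation that holds the object, and `byte_size` is pure arithmetic, so no pointer is ever formed past a stack object and UBSan's bounds check has nothing to flag.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

// SlotTable is a hypothetical stand-in for CppVtableInfo (not HotSpot code):
// one size word followed by vtable_size intptr_t slots that live in the same
// allocation but outside the C++ object itself.
class SlotTable {
  intptr_t _vtable_size;    // number of slots that follow
  intptr_t _cloned_vtable;  // first slot; the remaining ones follow in memory
public:
  static int num_slots(int vtable_size) { return 1 + vtable_size; }

  // Bytes needed for a table with n slots. Pure arithmetic: unlike
  // &i._cloned_vtable[n] on a stack object, this never forms an
  // out-of-bounds pointer.
  static size_t byte_size(int n) {
    return offsetof(SlotTable, _cloned_vtable) + size_t(n) * sizeof(intptr_t);
  }

  int vtable_size() const { return int(_vtable_size); }

  // Slot base taken as a byte offset into the surrounding allocation rather
  // than by indexing a one-element member array.
  intptr_t* cloned_vtable() {
    return reinterpret_cast<intptr_t*>(
        reinterpret_cast<char*>(this) + offsetof(SlotTable, _cloned_vtable));
  }

  void zero() {
    std::memset(cloned_vtable(), 0, sizeof(intptr_t) * size_t(vtable_size()));
  }

  // Construct a table with n zeroed slots at 'at'; the caller guarantees
  // that byte_size(n) bytes are available there.
  static SlotTable* place(void* at, int n) {
    SlotTable* t = new (at) SlotTable;
    t->_vtable_size = n;
    t->zero();
    return t;
  }

  // Address immediately after this table, where the next one may be placed.
  void* end() {
    return reinterpret_cast<char*>(this) + byte_size(vtable_size());
  }

  // Clone n entries of src (e.g. a real C++ vtable) into a heap-allocated table.
  static SlotTable* clone(const intptr_t* src, int n) {
    void* mem = std::malloc(byte_size(n));
    if (mem == nullptr) return nullptr;
    SlotTable* t = place(mem, n);
    std::memcpy(t->cloned_vtable(), src, sizeof(intptr_t) * size_t(n));
    return t;
  }

  static void release(SlotTable* t) { std::free(t); }
};

// Pack two tables back to back in one buffer and read every slot back.
// Returns the sum of all slot values, or -1 on any layout mismatch.
// Constructed input: table A gets 14 slots valued 1..14 (the index 14 from
// the ubsan report is one past its last slot), table B gets 3 slots 100..102.
static intptr_t pack_two_tables_demo() {
  const int na = 14, nb = 3;
  intptr_t a[na], b[nb];
  for (int i = 0; i < na; i++) a[i] = i + 1;
  for (int i = 0; i < nb; i++) b[i] = 100 + i;

  const size_t total = SlotTable::byte_size(na) + SlotTable::byte_size(nb);
  char* buf = static_cast<char*>(std::malloc(total));
  if (buf == nullptr) return -1;

  SlotTable* ta = SlotTable::place(buf, na);
  std::memcpy(ta->cloned_vtable(), a, sizeof a);
  SlotTable* tb = SlotTable::place(ta->end(), nb);
  std::memcpy(tb->cloned_vtable(), b, sizeof b);

  intptr_t sum = 0;
  if (reinterpret_cast<char*>(tb) != buf + SlotTable::byte_size(na)) sum = -1;
  else if (static_cast<char*>(tb->end()) != buf + total) sum = -1;
  else {
    for (int i = 0; i < ta->vtable_size(); i++) sum += ta->cloned_vtable()[i];
    for (int i = 0; i < tb->vtable_size(); i++) sum += tb->cloned_vtable()[i];
  }
  std::free(buf);
  return sum;  // 105 + 303 = 408 on success
}
```

`byte_size(n)` equals `sizeof(intptr_t) * num_slots(n)` for this layout, matching what the original `pointer_delta` expression computes, but without the stack-local object. Compile with `-fsanitize=undefined` to confirm the slot accesses no longer trip the bounds check.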

