[foreign] RFR 8212987 : Binder should allow negative values for native pointers

Henry Jen henry.jen at oracle.com
Tue Oct 30 16:18:05 UTC 2018



> On Oct 30, 2018, at 3:26 AM, Jorn Vernee <jbvernee at xs4all.nl> wrote:
> 
> You're right about `toUnsignedString`. For some reason I thought `toHexString` had the `-` as a prefix if the argument is negative.
> 
> About the length constraint: my initial thought was just to trust the pointer returned from native, but I guess we should do better. In the specific case I'm testing, void *, the length that is being used is Long.MAX_VALUE, basically the length is unknown, so I don't think I can do a range check on min + length in the constructor in that case.
> 
> As far as I can see, the `min` value is only used in a few min + offset calculations before passing to Unsafe put/get routines, I think we'd want to allow overflow to negative there, but not overflow to positive, basically treating the long as if it was unsigned.
> 
> I think I will switch BoundedMemoryRegion to having factory methods that do the validation, and then have ones where the length is known, which do a range check, and ones where the length is unknown, that cap it to where it cannot overflow. Then I can use the latter for void *. If a bad pointer is passed from native, the known-length case should fail on construction of the memory region, and the unknown-length case should fail when dereferencing (since there is already a bounds check being done).
> 
> What do you think?
> 

+1.

Cheers,
Henry

> Thanks,
> Jorn
> 
> Henry Jen schreef op 2018-10-30 01:59:
>> BTW, the change in toString is not needed, as toUnsignedString(l, 16)
>> is the same as toHexString(l)?
>> Cheers,
>> Henry
>>> On Oct 29, 2018, at 5:56 PM, Henry Jen <henry.jen at oracle.com> wrote:
>>> I am afraid this is not that simple; we need to at least protect length from overflowing the address to >= 0.
>>> I haven’t completely checked the implementation; we need to make sure all other operations will not expand or shift the region, which I believe is the constraint of the design. If that’s indeed the case, a guard at construction is probably good enough.
>>> Cheers,
>>> Henry
>>>> On Oct 29, 2018, at 10:04 AM, Jorn Vernee <jbvernee at xs4all.nl> wrote:
>>>> Hello,
>>>> Please review this patch which tweaks the binder to allow negative values for native pointers.
>>>> The problem was previously discussed here: http://mail.openjdk.java.net/pipermail/panama-dev/2018-October/002994.html
>>>> Bug : https://bugs.openjdk.java.net/browse/JDK-8212987
>>>> Webrev : http://cr.openjdk.java.net/~jvernee/panama/webrevs/8212987/
>>>> As a reminder, I'm not a committer, so someone else will have to push this.
>>>> Thanks,
>>>> Jorn
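The factory-method design sketched in the thread above (range check when the length is known, a cap when it is unknown, bounds check on dereference, all with the long treated as an unsigned address), written out as an added Java example. This is not code from the thread or from the Panama binder: the class and method names (`BoundedMemoryRegion`, `ofKnownLength`, `ofUnknownLength`, `addressOf`) and the sample pointer value are assumptions made for this illustration.

```java
/**
 * Added example, not the Panama binder's code. Addresses are Java longs
 * interpreted as unsigned 64-bit values, so a "negative" long is simply a
 * high address. All names here are assumptions for this illustration.
 */
final class BoundedMemoryRegion {
    private final long min;     // base address, unsigned
    private final long length;  // byte length, unsigned; min + length never wraps past 2^64

    private BoundedMemoryRegion(long min, long length) {
        this.min = min;
        this.length = length;
    }

    /** Known length: fail at construction if [min, min + length) would wrap around 2^64. */
    static BoundedMemoryRegion ofKnownLength(long min, long length) {
        // The last byte is at min + length - 1; if that wraps it compares below min unsigned.
        long last = min + length - 1;
        if (length != 0 && Long.compareUnsigned(last, min) < 0) {
            throw new IllegalArgumentException("region wraps past 2^64: min=0x"
                    + Long.toHexString(min) + " length=" + Long.toUnsignedString(length));
        }
        return new BoundedMemoryRegion(min, length);
    }

    /** Unknown length (e.g. void *): cap the length so that min + length cannot wrap. */
    static BoundedMemoryRegion ofUnknownLength(long min) {
        // -min is the unsigned distance 2^64 - min; it is 0 when min == 0, which stands for 2^64.
        long distanceToWrap = -min;
        long length = (min == 0 || Long.compareUnsigned(distanceToWrap, Long.MAX_VALUE) > 0)
                ? Long.MAX_VALUE
                : distanceToWrap;
        return new BoundedMemoryRegion(min, length);
    }

    /**
     * Bounds check done at dereference time; returns the absolute address min + offset.
     * The result may be negative as a long (a high address) but, because of the
     * construction-time guards, it can never wrap around to a small positive value.
     */
    long addressOf(long offset, long size) {
        // offset < length and size <= length - offset, compared as unsigned values
        if (Long.compareUnsigned(offset, length) >= 0
                || Long.compareUnsigned(size, length - offset) > 0) {
            throw new IndexOutOfBoundsException("offset=" + Long.toUnsignedString(offset)
                    + " size=" + Long.toUnsignedString(size)
                    + " outside length=" + Long.toUnsignedString(length));
        }
        return min + offset;
    }

    long length() {
        return length;
    }

    @Override
    public String toString() {
        // Long.toUnsignedString(x, 16) and Long.toHexString(x) agree, including for negative longs.
        return "BoundedMemoryRegion[min=0x" + Long.toHexString(min)
                + ", length=" + Long.toUnsignedString(length) + "]";
    }

    public static void main(String[] args) {
        // Constructed sample: a "negative" pointer 4096 bytes below the 2^64 wrap point.
        long highPtr = 0xFFFFFFFFFFFFF000L;

        BoundedMemoryRegion known = ofKnownLength(highPtr, 4096);
        System.out.println(known + " last byte at 0x" + Long.toHexString(known.addressOf(4095, 1)));

        BoundedMemoryRegion unknown = ofUnknownLength(highPtr);
        System.out.println(unknown + " (length capped to 4096, not Long.MAX_VALUE)");
        try {
            unknown.addressOf(4096, 1);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("dereference rejected: " + e.getMessage());
        }

        try {
            ofKnownLength(highPtr, 4097);
        } catch (IllegalArgumentException e) {
            System.out.println("construction rejected: " + e.getMessage());
        }
    }
}
```

The two failure paths match the division of labour described in the thread: a bad pointer with a known length is caught by `ofKnownLength` before any region exists, while an unknown-length pointer is only caught when `addressOf` runs its unsigned bounds check. Using `Long.compareUnsigned` throughout is what lets the arithmetic "overflow to negative" (high addresses) without ever wrapping to a small positive address.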


