Bug: MemorySegment bounds check doesn't work for some values and allows segmentation fault

Marcel Käufler marcel.kaeufler at hhu.de
Fri Apr 30 11:45:32 UTC 2021


Hi,

I've encountered a bug with the MemorySegment bounds check. For some 
values, instead of throwing an IndexOutOfBoundsException, the access 
goes through and causes a segmentation fault. I didn't dig into it, but I 
expect some kind of overflow / casting error that makes the address 
appear to be in a valid range.

Tested with both the JDK 16 release and the current panama main branch.

To reproduce:

import jdk.incubator.foreign.MemoryAccess;
import jdk.incubator.foreign.MemorySegment;
import jdk.incubator.foreign.ResourceScope;

public class SIGSEGV {
    public static void main(String[] args) {
        // ~2 GiB native segment
        MemorySegment memorySegment =
            MemorySegment.allocateNative(2147479552, ResourceScope.globalScope());
        // offset far outside the segment; an IndexOutOfBoundsException is expected here
        MemoryAccess.getLongAtOffset(memorySegment, 8223372036854705800L);
    }
}



#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f345fc19053, pid=224993, tid=224996
#
# JRE version: OpenJDK Runtime Environment (17.0) (build 17-internal+0-adhoc..panama-foreign)
# Java VM: OpenJDK 64-Bit Server VM (17-internal+0-adhoc..panama-foreign, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xf0a053]  Unsafe_GetLong+0x133
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h" (or dumping to /home/marcel/IdeaProjects/BoundsCheck/core.224993)
#
# An error report file with more information is saved as:
# /home/marcel/IdeaProjects/BoundsCheck/hs_err_pid224993.log
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

Process finished with exit code 134 (interrupted by signal 6: SIGABRT)


Best Regards,
Marcel
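As an added illustration (not code from the report or from the JDK), the C sketch below shows the two classes of defect the report guesses at, a bounds check that narrows the offset to 32 bits and one whose end computation wraps, next to a check that stays in 64 bits. The check functions are hypothetical and constructed for this example; the segment size and offset are the report's own values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values taken from the report above. */
#define SEGMENT_SIZE 2147479552LL
#define BAD_OFFSET   8223372036854705800LL

/* Hypothetical defective check: narrows the 64-bit offset and length to 32 bits
 * before comparing. BAD_OFFSET mod 2^32 is 1486548616, which lies inside a
 * 2147479552-byte segment, so the check passes although the real offset is far
 * outside it. An access that then uses the full 64-bit offset faults. */
bool check_bounds_narrowed(int64_t segment_len, int64_t offset, int64_t access_len) {
    int32_t off32 = (int32_t)offset;       /* high 32 bits silently dropped */
    int32_t len32 = (int32_t)segment_len;
    return off32 >= 0 && off32 <= len32 - (int32_t)access_len;
}

/* Hypothetical defective check: 64-bit, but computes offset + access_len, which
 * wraps for offsets near INT64_MAX and makes the end address look negative. */
bool check_bounds_wrapping(int64_t segment_len, int64_t offset, int64_t access_len) {
    uint64_t end = (uint64_t)offset + (uint64_t)access_len;  /* wraps modulo 2^64 */
    return offset >= 0 && (int64_t)end <= segment_len;
}

/* Hardened check: every comparison stays in 64 bits and is rearranged so that
 * no intermediate can overflow: segment_len - access_len cannot wrap once
 * 0 <= access_len <= segment_len has been established. */
bool check_bounds_full(int64_t segment_len, int64_t offset, int64_t access_len) {
    if (segment_len < 0 || access_len < 0 || access_len > segment_len) return false;
    if (offset < 0) return false;
    return offset <= segment_len - access_len;
}

int main(void) {
    printf("narrowed check accepts report offset: %d\n",
           check_bounds_narrowed(SEGMENT_SIZE, BAD_OFFSET, 8));
    printf("wrapping check accepts INT64_MAX-3:   %d\n",
           check_bounds_wrapping(SEGMENT_SIZE, INT64_MAX - 3, 8));
    printf("full check accepts report offset:     %d\n",
           check_bounds_full(SEGMENT_SIZE, BAD_OFFSET, 8));
    return 0;
}
```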


