RFR: JDK-8049516: sun.security.provider.SeedGenerator throws ArrayIndexOutOfBoundsException
Wang Weijun
weijun.wang at oracle.com
Wed Sep 21 02:52:06 UTC 2016
> On Sep 21, 2016, at 9:58 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> 359 while (System.nanoTime() - startTime < 250000000) {
> 360 synchronized(this){};
> - 361 latch++;
> + 361 latch = (latch + 1) % Integer.MAX_VALUE;
> 362 }
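Review bot: the modulo on line 361 bounds only latch; the loop on line 359 still spins for the full 250 ms, and the value is later summed into counter (line 367, quoted further down), which is a plain int addition and can go negative by itself. Consider making the index non-negative at the point of use (for example Math.floorMod or a mask) rather than relying on the latch bound alone, and add a short comment on line 361 saying why the wrap point is Integer.MAX_VALUE.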
>
> This block may not be CPU friendly, as it may loop a large number of times in a very short period (250milli).
To get a <255 index I think we only need to loop for <66536 times.
How about we stop at every millisecond and see if it's enough? Something like this:
    long next = startTime + 1000000;
    while (next < startTime + 250000000) {
        while (System.nanoTime() < next) {
            synchronized(this){};
            latch++;
        }
        if (latch > 65535 || latch < 0) break;
        next += 1000000;
    }
>
> What's the usage of line 360? Just for some computation?
>
> 367 counter += latch;
> The counter variable may overflow too.
I find this strange. Were computers so slow in 1996 that within 250ms latch cannot exceed 64000?
--Max
>
> Xuelei
>
> On 9/21/2016 8:57 AM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This fixes a bug found in stress testing where on faster CPUs the latch
>> can overflow resulting in a negative array index. The fix avoids the
>> overflow by resetting the latch to 0 when it reaches Integer.MAX_VALUE -
>> 1 and will continue increasing from there.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8049516
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8049516/webrev.01/
>>
>> Thanks,
>> --Jamil
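
The overflow discussed in this thread, as an added example that is not part of the original messages and is not SeedGenerator's code: it compares the unbounded `latch++`, the proposed modulo wrap, and a non-negative index computed at the point of use. The 255-entry `TABLE`, the `counter % 255` indexing and the starting values are assumptions made for illustration.

```java
// Added illustration; TABLE, the method names and the inputs are constructed, not JDK code.
public class LatchOverflowDemo {
    // Constructed stand-in for a 255-entry lookup table indexed from the counter.
    static final byte[] TABLE = new byte[255];

    // Original pattern: unbounded increment, signed remainder used as the index.
    static int indexUnbounded(int counter, int latch, long spins) {
        for (long i = 0; i < spins; i++) latch++;    // wraps negative past Integer.MAX_VALUE
        counter += latch;
        return counter % TABLE.length;                // Java % keeps the dividend's sign
    }

    // Patched pattern from the review: latch wraps to 0, counter still accumulates.
    static int indexLatchWrapped(int counter, int latch, long spins) {
        for (long i = 0; i < spins; i++) latch = (latch + 1) % Integer.MAX_VALUE;
        counter += latch;                             // this sum can still overflow
        return counter % TABLE.length;
    }

    // Defensive form: the index is non-negative for any int counter.
    static int indexFloorMod(int counter, int latch, long spins) {
        for (long i = 0; i < spins; i++) latch = (latch + 1) % Integer.MAX_VALUE;
        counter += latch;
        return Math.floorMod(counter, TABLE.length);
    }

    public static void main(String[] args) {
        int nearMax = Integer.MAX_VALUE - 5;          // constructed value near the wrap point
        int[] results = {
            indexUnbounded(0, nearMax, 10),           // latch itself overflows
            indexLatchWrapped(nearMax, 0, 10),        // latch is fine, counter overflows
            indexFloorMod(nearMax, 0, 10),            // counter overflows, index stays valid
        };
        String[] names = {"unbounded latch", "latch wrapped only", "floorMod at use"};
        for (int i = 0; i < results.length; i++) {
            try {
                byte unused = TABLE[results[i]];
                System.out.println(names[i] + ": index " + results[i] + " ok");
            } catch (ArrayIndexOutOfBoundsException e) {
                System.out.println(names[i] + ": index " + results[i] + " -> " + e);
            }
        }
    }
}
```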