RFR: JDK-8049516: sun.security.provider.SeedGenerator throws ArrayIndexOutOfBoundsException

Wang Weijun weijun.wang at oracle.com
Wed Sep 21 02:52:06 UTC 2016


> On Sep 21, 2016, at 9:58 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
>  359   while (System.nanoTime() - startTime < 250000000) {
>  360       synchronized(this){};
> - 361       latch++;
> + 361       latch = (latch + 1) % Integer.MAX_VALUE;
>  362   }
> 
> This block may be not CPU friendly as it may loop a large amount of times in a very short period (250milli).

To get a <255 index I think we only need to loop for <66536 times.

How about we stop at every millisecond and see if it's enough? Something like this:

    long next = startTime + 1000000;
    while (next < startTime + 250000000) {
        while (System.nanoTime() < next) {
            synchronized(this){};
            latch++;
        }
        if (latch > 65535 || latch < 0) break;
        next += 1000000;
    }

> 
> What's the usage of line 360?  Just for some computation?
> 
> 367   counter += latch;
> The counter variable may be overflow too.

I find this strange. Were computers so slow in 1996 that within 250ms latch cannot exceed 64000?

--Max

> 
> Xuelei
> 
> On 9/21/2016 8:57 AM, Jamil Nimeh wrote:
>> Hello all,
>> 
>> This fixes a bug found in stress testing where on faster CPUs the latch
>> can overflow resulting in a negative array index.  The fix avoids the
>> overflow by resetting the latch to 0 when it reaches Integer.MAX_VALUE -
>> 1 and will continue increasing from there.
>> 
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8049516
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8049516/webrev.01/
>> 
>> Thanks,
>> --Jamil



More information about the security-dev mailing list