RFR: JDK-8049516: sun.security.provider.SeedGenerator throws ArrayIndexOutOfBoundsException

Jamil Nimeh jamil.j.nimeh at oracle.com
Thu Sep 22 08:05:18 UTC 2016


That's a very good suggestion.  I've made that change and updated the 
webrev:

http://cr.openjdk.java.net/~jnimeh/reviews/8049516/webrev.02/

Thanks again,
--Jamil

On 09/21/2016 05:34 PM, Xuelei Fan wrote:
> > latch = (latch + 1) & 0x7FFFFFFF;  // Mask the sign bit
> I'm fine with it.
>
> BTW, if you like, I may suggest to use a little bit small number for 
> the mask, for example 0x1FFFFFFF, so that the counter variable does 
> not overflow either.  It works if counter overflow, but better not if 
> we want the counter meaningful.
>
> Xuelei
>
>
> On 9/22/2016 7:29 AM, Jamil Nimeh wrote:
>> So here are a couple ideas related to your suggestion.
>>
>> We can leave a simple increment on latch and let it overflow, then in
>> the array access do this:
>>
>> v ^= rndTab[(latch & 0x7FFFFFFF) % 255];
>>
>> That clears the high order bit and the mod will keep it in the range of
>> 0-254.  the lvalue for the mod operation will never go negative.  The
>> downside of that is counter will still get assigned a large negative
>> value (which as I said earlier could cause another iteration of the main
>> loop...not the end of the world since it can only happen 6 times max).
>>
>> The other approach would be to increment latch and mask off the high
>> order bit:
>>
>> latch = (latch + 1) & 0x7FFFFFFF;  // Mask the sign bit
>>
>> Then the v^=[latch % 255] is safe as-is and counter doesn't get some
>> massively negative value (though it can still overflow across multiple
>> iterations of the outer loop).
>>
>> I like the second approach a little better, personally. Up-front use of
>> the bitwise-and is a little more clear that we're forcing the value to
>> be non-negative before we use it as an array index input.  Let me know
>> what you think and I'll update the webrev accordingly.
>>
>> Thanks,
>> --Jamil
>>
>> On 09/21/2016 09:05 AM, Wang Weijun wrote:
>>> I am OK with your fix, but I found "(latch + 1) % Integer.MAX_VALUE" a
>>> little difficult to understand. Does rndTab[latch & 0xff] also work?
>>>
>>> Thanks
>>> Max
>>>
>>>
>>>> On Sep 21, 2016, at 11:57 PM, Jamil Nimeh <jamil.j.nimeh at oracle.com>
>>>> wrote:
>>>>
>>>> Hi Max and Xuelei,
>>>>
>>>> Yesterday I also reached out to the SQE engineer who submitted the
>>>> bug, asking if this is an issue he's seen going forward from the
>>>> original instance in 8u20.  He said that he hasn't seen this issue
>>>> come up since the original bug submission.  Since the simple overflow
>>>> condition is easily solved with my fix, and the code has been
>>>> otherwise stable I'd like to suggest that we keep the fix as-is.  The
>>>> loop timing as it stands now is not the source of the bug, other than
>>>> that latch can overflow and that is solved in one line.  If we want
>>>> to revisit this and improve the overall performance (though I haven't
>>>> seen evidence that there is a perf issue with this at all) then maybe
>>>> an RFE is in order.  What do you think?
>>>>
>>>> --Jamil
>>



More information about the security-dev mailing list