[lworld] RFR: 8271486: [lworld] Memory corruption due to out of bound access in MacroAssembler::move_helper

Tobias Hartmann thartmann at openjdk.java.net
Thu Jul 29 16:11:04 UTC 2021


While debugging weird crashes that only showed up when merging current mainline with lworld, I've noticed that we are writing outside of the `reg_state` array in `MacroAssembler::move_helper` because `from->value()` is `-1` (`OptoReg::BAD_REG`): 
https://github.com/openjdk/valhalla/blob/3c399d9f7f36903e4c2583c16b0080e01181114a/src/hotspot/cpu/x86/macroAssembler_x86.cpp#L5794-L5797

The register is invalid because it belongs to the second half of a `T_LONG` or `T_DOUBLE` argument in the calling convention and should simply be ignored. I've also added asserts to catch similar issues in the future.

Thanks,
Tobias

-------------

Commit messages:
 - 8271486: [lworld] Memory corruption due to out of bound access in MacroAssembler::move_helper

Changes: https://git.openjdk.java.net/valhalla/pull/507/files
 Webrev: https://webrevs.openjdk.java.net/?repo=valhalla&pr=507&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8271486
  Stats: 14 lines in 3 files changed: 11 ins; 0 del; 3 mod
  Patch: https://git.openjdk.java.net/valhalla/pull/507.diff
  Fetch: git fetch https://git.openjdk.java.net/valhalla pull/507/head:pull/507

PR: https://git.openjdk.java.net/valhalla/pull/507
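A small C model of the defect and the fix described in the RFR (added here for illustration; this is not the HotSpot code from the PR): an unchecked move indexes the register-state table with a BAD_REG (-1) value from the second half of a T_LONG/T_DOUBLE pair, while the fixed helper skips BAD_REG and asserts every other index is in range. The names reg_state, BAD_REG, NUM_REGS, VMRegPair and the signature layout are simplified assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not HotSpot code: one reg_state slot per register,
   indexed by the OptoReg value. BAD_REG (-1) marks an unused register half. */
#define BAD_REG  (-1)
#define NUM_REGS 16

typedef struct { int first; int second; } VMRegPair;  /* simplified register pair */

/* Unchecked form of the move: the register value is used as an index as-is.
   Modelled as a predicate, so the out-of-bounds write is reported, not done. */
static bool unchecked_move_corrupts(int reg) {
  return reg < 0 || reg >= NUM_REGS;
}

/* Fixed form: the BAD_REG second half of a T_LONG/T_DOUBLE argument carries
   nothing and is skipped; every other index is asserted to be in range. */
static bool move_helper_fixed(int reg, int reg_state[NUM_REGS]) {
  if (reg == BAD_REG) return false;
  assert(reg >= 0 && reg < NUM_REGS && "register index out of bounds");
  reg_state[reg] = 1;   /* mark the register as written */
  return true;
}

/* Walk a calling-convention signature and count the register halves the
   unchecked form would use as an out-of-bounds index. */
static int count_unchecked_corruptions(const VMRegPair *regs, size_t n) {
  int bad = 0;
  for (size_t i = 0; i < n; i++) {
    bad += unchecked_move_corrupts(regs[i].first);
    bad += unchecked_move_corrupts(regs[i].second);
  }
  return bad;
}

/* Same walk through the fixed helper; returns the number of moves performed. */
static int run_fixed(const VMRegPair *regs, size_t n, int reg_state[NUM_REGS]) {
  int moves = 0;
  for (size_t i = 0; i < n; i++) {
    moves += move_helper_fixed(regs[i].first, reg_state);
    moves += move_helper_fixed(regs[i].second, reg_state);
  }
  return moves;
}

/* Constructed signature: two longs in regs 3 and 4, a double in reg 5; the
   second half of each pair is BAD_REG and must never reach reg_state. */
static const VMRegPair SIG[] = { {3, BAD_REG}, {4, BAD_REG}, {5, BAD_REG} };
static const size_t SIG_LEN = sizeof(SIG) / sizeof(SIG[0]);
```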
