[lworld] RFR: 8271486: [lworld] Memory corruption due to out of bound access in MacroAssembler::move_helper
Tobias Hartmann
thartmann at openjdk.java.net
Thu Jul 29 16:11:04 UTC 2021
While debugging weird crashes that only showed up when merging current mainline with lworld, I've noticed that we are writing outside of the `reg_state` array in `MacroAssembler::move_helper` because `from->value()` is `-1` (`OptoReg::BAD_REG`):
https://github.com/openjdk/valhalla/blob/3c399d9f7f36903e4c2583c16b0080e01181114a/src/hotspot/cpu/x86/macroAssembler_x86.cpp#L5794-L5797
The register is invalid because it belongs to the second half of a `T_LONG` or `T_DOUBLE` argument in the calling convention and should simply be ignored. I've also added asserts to catch similar issues in the future.
Thanks,
Tobias
-------------
Commit messages:
- 8271486: [lworld] Memory corruption due to out of bound access in MacroAssembler::move_helper
Changes: https://git.openjdk.java.net/valhalla/pull/507/files
Webrev: https://webrevs.openjdk.java.net/?repo=valhalla&pr=507&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8271486
Stats: 14 lines in 3 files changed: 11 ins; 0 del; 3 mod
Patch: https://git.openjdk.java.net/valhalla/pull/507.diff
Fetch: git fetch https://git.openjdk.java.net/valhalla pull/507/head:pull/507
PR: https://git.openjdk.java.net/valhalla/pull/507
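The bug pattern described in this RFR, as an added example that is not part of the original e-mail or of the HotSpot sources: a constructed, simplified model of a register-move helper that indexes a per-register state array. The names `vm_reg_pair`, `move_helper`, `reg_status` and the `BAD_REG`/`NUM_REGS` constants are hypothetical stand-ins for the real HotSpot types (the actual `OptoReg::BAD_REG` value and `MacroAssembler::move_helper` signature are not reproduced here). The hardened helper skips the ignorable second half of a `T_LONG`/`T_DOUBLE` argument and rejects any index outside the array instead of writing through it.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not HotSpot code. -1 stands in for OptoReg::BAD_REG. */
#define BAD_REG  (-1)
#define NUM_REGS 8

enum basic_type { T_INT, T_LONG, T_DOUBLE };

/* One calling-convention slot: a register number and the type it carries.
 * The second half of a two-slot value (long/double) carries BAD_REG. */
typedef struct {
    int reg;
    enum basic_type bt;
} vm_reg_pair;

/* Per-register state, indexed by register number. */
enum reg_status { REG_DEAD = 0, REG_WRITABLE = 1, REG_WRITTEN = 2 };

/* True if this slot is the unused second half of a long/double argument. */
static bool is_ignorable_second_half(const vm_reg_pair *p) {
    return (p->bt == T_LONG || p->bt == T_DOUBLE) && p->reg == BAD_REG;
}

/* Hardened move helper: returns 0 when the slot is skipped, 1 when the
 * state array was updated, and -1 when an index would fall outside it
 * (the case that corrupted memory in the original, because -1 was used
 * directly as an array index). */
static int move_helper(const vm_reg_pair *from, const vm_reg_pair *to,
                       enum reg_status reg_state[NUM_REGS]) {
    if (is_ignorable_second_half(from)) {
        return 0;                       /* nothing to move, nothing to index */
    }
    if (from->reg < 0 || from->reg >= NUM_REGS ||
        to->reg   < 0 || to->reg   >= NUM_REGS) {
        assert(!"register index out of bounds");   /* debug build: fail loudly */
        return -1;                                  /* release build: refuse */
    }
    reg_state[to->reg]   = REG_WRITTEN;
    reg_state[from->reg] = REG_DEAD;
    return 1;
}

/* Constructed scenario: the high half of a T_LONG argument, which must be
 * ignored. Expected result: 0, and the state array stays untouched. */
static int scenario_second_half(void) {
    enum reg_status st[NUM_REGS] = {0};
    vm_reg_pair from = { BAD_REG, T_LONG };
    vm_reg_pair to   = { BAD_REG, T_LONG };
    int rc = move_helper(&from, &to, st);
    for (int i = 0; i < NUM_REGS; i++) {
        if (st[i] != REG_DEAD) return -2;   /* state must be unchanged */
    }
    return rc;
}

/* Constructed scenario: an ordinary move between two valid registers. */
static int scenario_valid_move(void) {
    enum reg_status st[NUM_REGS] = {0};
    vm_reg_pair from = { 2, T_INT };
    vm_reg_pair to   = { 5, T_INT };
    int rc = move_helper(&from, &to, st);
    return (st[5] == REG_WRITTEN && st[2] == REG_DEAD) ? rc : -2;
}

/* Constructed scenario: a non-long/double slot carrying an invalid register,
 * which is a genuine error rather than an ignorable half. */
static int scenario_bad_index(void) {
    enum reg_status st[NUM_REGS] = {0};
    vm_reg_pair from = { BAD_REG, T_INT };
    vm_reg_pair to   = { 5, T_INT };
    return move_helper(&from, &to, st);
}

int main(void) {
    printf("second half skipped: rc=%d\n", scenario_second_half());
    printf("valid move:          rc=%d\n", scenario_valid_move());
    return 0;
}
```

The `assert` on the out-of-bounds path mirrors the intent of the asserts added in the fix: in a debug build the invalid index is caught at the call site rather than surfacing later as an unrelated crash, while the explicit bounds check keeps a release build from writing past the array. `scenario_bad_index` therefore aborts under `assert` unless compiled with `NDEBUG`, in which case it returns -1.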