Mercurial > hg > graal-jvmci-8
diff src/share/vm/oops/generateOopMap.cpp @ 3862:52e4ba46751f
7020373: JSR rewriting can overflow memory address size variables
Summary: Abort if incoming classfile's parameters would cause overflows
Reviewed-by: coleenp, dcubed, never
author | kamg |
---|---|
date | Tue, 12 Apr 2011 16:42:26 -0400 |
parents | 3582bf76420e |
children | 9f12ede5571a |
line wrap: on
line diff
--- a/src/share/vm/oops/generateOopMap.cpp Fri May 27 15:01:07 2011 -0700 +++ b/src/share/vm/oops/generateOopMap.cpp Tue Apr 12 16:42:26 2011 -0400 @@ -963,10 +963,21 @@ // initialize the CellTypeState-related information. init_state(); - // We allocate space for all state-vectors for all basicblocks in one huge chuck. - // Then in the next part of the code, we set a pointer in each _basic_block that - // points to each piece. - CellTypeState *basicBlockState = NEW_RESOURCE_ARRAY(CellTypeState, bbNo * _state_len); + // We allocate space for all state-vectors for all basicblocks in one huge + // chunk. Then in the next part of the code, we set a pointer in each + // _basic_block that points to each piece. + + // The product of bbNo and _state_len can get large if there are lots of + // basic blocks and stack/locals/monitors. Need to check to make sure + // we don't overflow the capacity of a pointer. + if ((unsigned)bbNo > UINTPTR_MAX / sizeof(CellTypeState) / _state_len) { + report_error("The amount of memory required to analyze this method " + "exceeds addressable range"); + return; + } + + CellTypeState *basicBlockState = + NEW_RESOURCE_ARRAY(CellTypeState, bbNo * _state_len); memset(basicBlockState, 0, bbNo * _state_len * sizeof(CellTypeState)); // Make a pass over the basicblocks and assign their state vectors.