Mercurial > hg > graal-jvmci-8

diff src/share/vm/classfile/verifier.cpp @ 22916:6b65121b3258

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7127066: Class verifier accepts an invalid class file Summary: For *store bytecodes, compare incoming, not outgoing, type state with exception handlers' stack maps. Reviewed-by: acorn, dholmes
author hseigel
date Wed, 25 Mar 2015 08:16:48 -0400
parents 695017a614d5
children dd9cc155639c 0095e54dcaa1
line wrap: on
line diff
--- a/src/share/vm/classfile/verifier.cpp	Thu Mar 19 15:25:54 2015 +0100
+++ b/src/share/vm/classfile/verifier.cpp	Wed Mar 25 08:16:48 2015 -0400
@@ -655,6 +655,7 @@
 
 
     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
+    bool verified_exc_handlers = false;
 
     // Merge with the next instruction
     {
@@ -686,6 +687,18 @@
         }
       }
 
+      // Look for possible jump target in exception handlers and see if it
+      // matches current_frame.  Do this check here for astore*, dstore*,
+      // fstore*, istore*, and lstore* opcodes because they can change the type
+      // state by adding a local.  JVM Spec says that the incoming type state
+      // should be used for this check.  So, do the check here before a possible
+      // local is added to the type state.
+      if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
+        verify_exception_handler_targets(
+          bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
+        verified_exc_handlers = true;
+      }
+
       switch (opcode) {
         case Bytecodes::_nop :
           no_control_flow = false; break;
@@ -1662,9 +1675,13 @@
       }  // end switch
     }  // end Merge with the next instruction
 
-    // Look for possible jump target in exception handlers and see if it
-    // matches current_frame
-    if (bci >= ex_min && bci < ex_max) {
+    // Look for possible jump target in exception handlers and see if it matches
+    // current_frame.  Don't do this check if it has already been done (for
+    // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
+    // opcodes, such as invokespecial, may set the this_uninit flag.
+    assert(!(verified_exc_handlers && this_uninit),
+      "Exception handler targets got verified before this_uninit got set");
+    if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
       verify_exception_handler_targets(
         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
     }