# HG changeset patch
# User Doug Simon <doug.simon@oracle.com>
# Date 1491223645 -7200
# Node ID 3ce198ad35a62356dccc9ddb6672af31c7d69c55
# Parent  6508ce8d068f27e7738c218bb7cf0229a255f77b
check displacement >= 0 (JDK-8177673)

diff -r 6508ce8d068f -r 3ce198ad35a6 jvmci/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotMemoryAccessProviderImpl.java
--- a/jvmci/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotMemoryAccessProviderImpl.java	Sun Apr 02 00:38:39 2017 +0200
+++ b/jvmci/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotMemoryAccessProviderImpl.java	Mon Apr 03 14:47:25 2017 +0200
@@ -96,7 +96,7 @@
             int length = Array.getLength(object);
             long arrayEnd = headerSize + (sizeOfElement * length);
             boolean aligned = ((displacement - headerSize) % sizeOfElement) == 0;
-            if (displacement > (arrayEnd - sizeOfElement) || (kind == JavaKind.Object && !aligned)) {
+            if (displacement < 0 || displacement > (arrayEnd - sizeOfElement) || (kind == JavaKind.Object && !aligned)) {
                 int index = (int) ((displacement - headerSize) / sizeOfElement);
                 throw new AssertionError("Unsafe array access: reading element of kind " + kind +
                                 " at offset " + displacement + " (index ~ " + index + ") in " +