Mercurial > hg > truffle

changeset 13034:ea79ab313e98

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8027252: Crash in interpreter because get_unsigned_2_byte_index_at_bcp reads 4 bytes Summary: Use 2-byte loads to load indexes from the byte code stream to avoid out of bounds reads. Reviewed-by: coleenp, sspitsyn
author mgerdin
date Wed, 30 Oct 2013 15:35:25 +0100
parents 1a04de1aaedb
children 4fe7815b04f5
files src/cpu/x86/vm/interp_masm_x86_32.cpp src/cpu/x86/vm/interp_masm_x86_64.cpp src/cpu/x86/vm/templateTable_x86_32.cpp src/cpu/x86/vm/templateTable_x86_64.cpp
diffstat 4 files changed, 14 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/cpu/x86/vm/interp_masm_x86_32.cpp	Mon Oct 28 21:41:48 2013 +0400
+++ b/src/cpu/x86/vm/interp_masm_x86_32.cpp	Wed Oct 30 15:35:25 2013 +0100
@@ -196,7 +196,7 @@
 
 void InterpreterMacroAssembler::get_unsigned_2_byte_index_at_bcp(Register reg, int bcp_offset) {
   assert(bcp_offset >= 0, "bcp is still pointing to start of bytecode");
-  movl(reg, Address(rsi, bcp_offset));
+  load_unsigned_short(reg, Address(rsi, bcp_offset));
   bswapl(reg);
   shrl(reg, 16);
 }
--- a/src/cpu/x86/vm/interp_masm_x86_64.cpp	Mon Oct 28 21:41:48 2013 +0400
+++ b/src/cpu/x86/vm/interp_masm_x86_64.cpp	Wed Oct 30 15:35:25 2013 +0100
@@ -192,7 +192,7 @@
   Register reg,
   int bcp_offset) {
   assert(bcp_offset >= 0, "bcp is still pointing to start of bytecode");
-  movl(reg, Address(r13, bcp_offset));
+  load_unsigned_short(reg, Address(r13, bcp_offset));
   bswapl(reg);
   shrl(reg, 16);
 }
--- a/src/cpu/x86/vm/templateTable_x86_32.cpp	Mon Oct 28 21:41:48 2013 +0400
+++ b/src/cpu/x86/vm/templateTable_x86_32.cpp	Wed Oct 30 15:35:25 2013 +0100
@@ -558,7 +558,7 @@
 
 
 void TemplateTable::locals_index_wide(Register reg) {
-  __ movl(reg, at_bcp(2));
+  __ load_unsigned_short(reg, at_bcp(2));
   __ bswapl(reg);
   __ shrl(reg, 16);
   __ negptr(reg);
@@ -1552,7 +1552,11 @@
                               InvocationCounter::counter_offset();
 
   // Load up EDX with the branch displacement
-  __ movl(rdx, at_bcp(1));
+  if (is_wide) {
+    __ movl(rdx, at_bcp(1));
+  } else {
+    __ load_signed_short(rdx, at_bcp(1));
+  }
   __ bswapl(rdx);
   if (!is_wide) __ sarl(rdx, 16);
   LP64_ONLY(__ movslq(rdx, rdx));
--- a/src/cpu/x86/vm/templateTable_x86_64.cpp	Mon Oct 28 21:41:48 2013 +0400
+++ b/src/cpu/x86/vm/templateTable_x86_64.cpp	Wed Oct 30 15:35:25 2013 +0100
@@ -568,7 +568,7 @@
 }
 
 void TemplateTable::locals_index_wide(Register reg) {
-  __ movl(reg, at_bcp(2));
+  __ load_unsigned_short(reg, at_bcp(2));
   __ bswapl(reg);
   __ shrl(reg, 16);
   __ negptr(reg);
@@ -1575,7 +1575,11 @@
                               InvocationCounter::counter_offset();
 
   // Load up edx with the branch displacement
-  __ movl(rdx, at_bcp(1));
+  if (is_wide) {
+    __ movl(rdx, at_bcp(1));
+  } else {
+    __ load_signed_short(rdx, at_bcp(1));
+  }
   __ bswapl(rdx);
 
   if (!is_wide) {