Skip to content

Commit

Permalink
8343984: Fix Unsafe address overflow
Browse files Browse the repository at this point in the history 
Reviewed-by: pminborg, alanb
  • Loading branch information
@wenshao
wenshao committed Nov 13, 2024
1 parent 168b18e commit 0dab920
Show file tree
Hide file tree
Showing 11 changed files with 34 additions and 34 deletions.
22 changes: 11 additions & 11 deletions src/java.base/share/classes/java/lang/StringLatin1.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -830,22 +830,22 @@ static Stream<String> lines(byte[] value) {
static void putCharsAt(byte[] val, int index, int c1, int c2, int c3, int c4) {
assert index >= 0 && index + 3 < length(val) : "Trusted caller missed bounds check";
// Don't use the putChar method, Its instrinsic will cause C2 unable to combining values into larger stores.
long address = Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
UNSAFE.putByte(val, address , (byte)(c1));
UNSAFE.putByte(val, address + 1, (byte)(c2));
UNSAFE.putByte(val, address + 2, (byte)(c3));
UNSAFE.putByte(val, address + 3, (byte)(c4));
long offset = (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
UNSAFE.putByte(val, offset , (byte)(c1));
UNSAFE.putByte(val, offset + 1, (byte)(c2));
UNSAFE.putByte(val, offset + 2, (byte)(c3));
UNSAFE.putByte(val, offset + 3, (byte)(c4));
}

static void putCharsAt(byte[] val, int index, int c1, int c2, int c3, int c4, int c5) {
assert index >= 0 && index + 4 < length(val) : "Trusted caller missed bounds check";
// Don't use the putChar method, Its instrinsic will cause C2 unable to combining values into larger stores.
long address = Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
UNSAFE.putByte(val, address , (byte)(c1));
UNSAFE.putByte(val, address + 1, (byte)(c2));
UNSAFE.putByte(val, address + 2, (byte)(c3));
UNSAFE.putByte(val, address + 3, (byte)(c4));
UNSAFE.putByte(val, address + 4, (byte)(c5));
long offset = (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
UNSAFE.putByte(val, offset , (byte)(c1));
UNSAFE.putByte(val, offset + 1, (byte)(c2));
UNSAFE.putByte(val, offset + 2, (byte)(c3));
UNSAFE.putByte(val, offset + 3, (byte)(c4));
UNSAFE.putByte(val, offset + 4, (byte)(c5));
}

public static void putChar(byte[] val, int index, int c) {
Expand Down
8 changes: 4 additions & 4 deletions src/java.base/share/classes/java/util/zip/ZipUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ public static final int get16(byte[] b, int off) {
Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER);
Preconditions.checkIndex(off + 1, b.length, Preconditions.AIOOBE_FORMATTER);
return Short.toUnsignedInt(
UNSAFE.getShortUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false));
UNSAFE.getShortUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false));
}

/**
Expand All @@ -185,7 +185,7 @@ public static final long get32(byte[] b, int off) {
Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER);
Preconditions.checkIndex(off + 3, b.length, Preconditions.AIOOBE_FORMATTER);
return Integer.toUnsignedLong(
UNSAFE.getIntUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false));
UNSAFE.getIntUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false));
}

/**
Expand All @@ -195,7 +195,7 @@ public static final long get32(byte[] b, int off) {
public static final long get64S(byte[] b, int off) {
Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER);
Preconditions.checkIndex(off + 7, b.length, Preconditions.AIOOBE_FORMATTER);
return UNSAFE.getLongUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false);
return UNSAFE.getLongUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false);
}

/**
Expand All @@ -206,7 +206,7 @@ public static final long get64S(byte[] b, int off) {
public static final int get32S(byte[] b, int off) {
Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER);
Preconditions.checkIndex(off + 3, b.length, Preconditions.AIOOBE_FORMATTER);
return UNSAFE.getIntUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false);
return UNSAFE.getIntUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false);
}

/*
Expand Down
6 changes: 3 additions & 3 deletions src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -194,7 +194,7 @@ public int read(String name, ByteBuffer dst) throws IOException {
int n = read(name, address, rem);

// copy from buffer into backing array
int off = dst.arrayOffset() + pos + Unsafe.ARRAY_BYTE_BASE_OFFSET;
long off = dst.arrayOffset() + pos + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET;
unsafe.copyMemory(null, address, dst.array(), off, n);
dst.position(pos + n);

Expand Down Expand Up @@ -257,7 +257,7 @@ public int write(String name, ByteBuffer src) throws IOException {

if (src.hasArray()) {
// copy from backing array into buffer
int off = src.arrayOffset() + pos + Unsafe.ARRAY_BYTE_BASE_OFFSET;
long off = src.arrayOffset() + pos + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET;
unsafe.copyMemory(src.array(), off, null, address, rem);
} else {
// backing array not accessible so transfer via temporary array
Expand Down
18 changes: 9 additions & 9 deletions src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -1005,56 +1005,56 @@ protected void writePrimitiveArray(TypeArray array) throws IOException {

private void writeBooleanArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = BOOLEAN_BASE_OFFSET + index * BOOLEAN_SIZE;
long offset = (long) BOOLEAN_BASE_OFFSET + index * BOOLEAN_SIZE;
out.writeBoolean(array.getHandle().getJBooleanAt(offset));
}
}

private void writeByteArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = BYTE_BASE_OFFSET + index * BYTE_SIZE;
long offset = (long) BYTE_BASE_OFFSET + index * BYTE_SIZE;
out.writeByte(array.getHandle().getJByteAt(offset));
}
}

private void writeShortArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = SHORT_BASE_OFFSET + index * SHORT_SIZE;
long offset = (long) SHORT_BASE_OFFSET + index * SHORT_SIZE;
out.writeShort(array.getHandle().getJShortAt(offset));
}
}

private void writeIntArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = INT_BASE_OFFSET + index * INT_SIZE;
long offset = (long) INT_BASE_OFFSET + index * INT_SIZE;
out.writeInt(array.getHandle().getJIntAt(offset));
}
}

private void writeLongArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = LONG_BASE_OFFSET + index * LONG_SIZE;
long offset = (long) LONG_BASE_OFFSET + index * LONG_SIZE;
out.writeLong(array.getHandle().getJLongAt(offset));
}
}

private void writeCharArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = CHAR_BASE_OFFSET + index * CHAR_SIZE;
long offset = (long) CHAR_BASE_OFFSET + index * CHAR_SIZE;
out.writeChar(array.getHandle().getJCharAt(offset));
}
}

private void writeFloatArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = FLOAT_BASE_OFFSET + index * FLOAT_SIZE;
long offset = (long) FLOAT_BASE_OFFSET + index * FLOAT_SIZE;
out.writeFloat(array.getHandle().getJFloatAt(offset));
}
}

private void writeDoubleArray(TypeArray array, int length) throws IOException {
for (int index = 0; index < length; index++) {
long offset = DOUBLE_BASE_OFFSET + index * DOUBLE_SIZE;
long offset = (long) DOUBLE_BASE_OFFSET + index * DOUBLE_SIZE;
out.writeDouble(array.getHandle().getJDoubleAt(offset));
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ByteVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4101,7 +4101,7 @@ static long booleanArrayAddress(boolean[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/DoubleVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3621,7 +3621,7 @@ static long arrayAddress(double[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/FloatVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3571,7 +3571,7 @@ static long arrayAddress(float[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/IntVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3739,7 +3739,7 @@ static long arrayAddress(int[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/LongVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3674,7 +3674,7 @@ static long arrayAddress(long[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ShortVector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4092,7 +4092,7 @@ static long charArrayAddress(char[] a, int index) {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down
2 changes: 1 addition & 1 deletion src/jdk.incubator.vector/share/classes/jdk/incubator/vector/X-Vector.java.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5310,7 +5310,7 @@ public abstract class $abstractvectortype$ extends AbstractVector<$Boxtype$> {

@ForceInline
static long byteArrayAddress(byte[] a, int index) {
return Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index;
}

// ================================================
Expand Down

1 comment on commit 0dab920

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.