8352724: Verify bounds for primitive array reads in JVMCI #24200
Conversation
|
Hi @pecimuth, welcome to this OpenJDK project and thanks for contributing! We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user pecimuth" as summary for the issue. If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing |
|
@pecimuth This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 375 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@dougxc) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
openjdk
bot
added
graal
|
/covered |
|
Thank you! Please allow for a few business days to verify that your employer has signed the OCA. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated! |
bridgekeeper
bot
removed
oca
|
Webrevs
|
| for (ConstantValue cv : readConstants(ArrayConstants.class)) { | ||
| if (cv.boxed != null && cv.boxed.getClass().isArray()) { | ||
| JavaKind kind = metaAccess.lookupJavaType(cv.value).getComponentType().getJavaKind(); | ||
| long offset = metaAccess.getArrayBaseOffset(kind) + (long) metaAccess.getArrayIndexScale(kind) * Array.getLength(cv.boxed); |
There was a problem hiding this comment.
If I understand correctly, this tests a read of an element one past the end of the array.
Can you please also add a test for a read that is partially out-of-bounds:
long offset = 1 + metaAccess.getArrayBaseOffset(kind) + (long) metaAccess.getArrayIndexScale(kind) * (Array.getLength(cv.boxed) - 1);
There was a problem hiding this comment.
I added a test for a long read from array[array.index - 1] because adding + 1 would make the read unaligned (which is also not allowed). Please check it out.
|
/integrate |
|
/sponsor |
|
Going to push as commit de0e648.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
2 participants
This PR adds a bounds check for primitive array reads in JVMCI. When a JVMCI compiler attempts to read after the last array element (from the padding of the allocated object), JVMCI should throw an exception instead of returning a garbage value. The check added in this PR handles both primitive and object reads.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/24200/head:pull/24200$ git checkout pull/24200Update a local copy of the PR:
$ git checkout pull/24200$ git pull https://git.openjdk.org/jdk.git pull/24200/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 24200View PR using the GUI difftool:
$ git pr show -t 24200Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/24200.diff
Using Webrev
Link to Webrev Comment