Skip to content

Commit

Permalink
8279545: Buffer overrun in reverse_words of sharedRuntime_x86_64.cpp:…
Browse files Browse the repository at this point in the history 
…3517

Backport-of: 35734ad0805b9ecaf6eb72a4b1513b8de53ed72c
  • Loading branch information
@shipilev
shipilev committed Jun 19, 2023
1 parent 5fc07b5 commit 852c26c
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 9 deletions.
8 changes: 5 additions & 3 deletions src/hotspot/cpu/ppc/sharedRuntime_ppc.cpp
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2021 SAP SE. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
Expand Down Expand Up @@ -3390,8 +3390,9 @@ void SharedRuntime::montgomery_multiply(jint *a_ints, jint *b_ints, jint *n_ints
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 8k bytes of stack space.
int divisor = sizeof(unsigned long) * 4;
guarantee(longwords <= 8192 / divisor, "must be");
int total_allocation = longwords * sizeof (unsigned long) * 4;
guarantee(total_allocation <= 8192, "must be");
unsigned long *scratch = (unsigned long *)alloca(total_allocation);

// Local scratch arrays
Expand Down Expand Up @@ -3420,8 +3421,9 @@ void SharedRuntime::montgomery_square(jint *a_ints, jint *n_ints,
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 6k bytes of stack space.
int divisor = sizeof(unsigned long) * 3;
guarantee(longwords <= (8192 / divisor), "must be");
int total_allocation = longwords * sizeof (unsigned long) * 3;
guarantee(total_allocation <= 8192, "must be");
unsigned long *scratch = (unsigned long *)alloca(total_allocation);

// Local scratch arrays
Expand Down
8 changes: 5 additions & 3 deletions src/hotspot/cpu/s390/sharedRuntime_s390.cpp
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2019 SAP SE. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
Expand Down Expand Up @@ -3409,8 +3409,9 @@ void SharedRuntime::montgomery_multiply(jint *a_ints, jint *b_ints, jint *n_ints
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 8k bytes of stack space.
int divisor = sizeof(unsigned long) * 4;
guarantee(longwords <= 8192 / divisor, "must be");
int total_allocation = longwords * sizeof (unsigned long) * 4;
guarantee(total_allocation <= 8192, "must be");
unsigned long *scratch = (unsigned long *)alloca(total_allocation);

// Local scratch arrays
Expand Down Expand Up @@ -3439,8 +3440,9 @@ void SharedRuntime::montgomery_square(jint *a_ints, jint *n_ints,
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 6k bytes of stack space.
int divisor = sizeof(unsigned long) * 3;
guarantee(longwords <= (8192 / divisor), "must be");
int total_allocation = longwords * sizeof (unsigned long) * 3;
guarantee(total_allocation <= 8192, "must be");
unsigned long *scratch = (unsigned long *)alloca(total_allocation);

// Local scratch arrays
Expand Down
8 changes: 5 additions & 3 deletions src/hotspot/cpu/x86/sharedRuntime_x86_64.cpp
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -3714,8 +3714,9 @@ void SharedRuntime::montgomery_multiply(jint *a_ints, jint *b_ints, jint *n_ints
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 8k bytes of stack space.
int divisor = sizeof(julong) * 4;
guarantee(longwords <= 8192 / divisor, "must be");
int total_allocation = longwords * sizeof (julong) * 4;
guarantee(total_allocation <= 8192, "must be");
julong *scratch = (julong *)alloca(total_allocation);

// Local scratch arrays
Expand Down Expand Up @@ -3743,8 +3744,9 @@ void SharedRuntime::montgomery_square(jint *a_ints, jint *n_ints,
// Make very sure we don't use so much space that the stack might
// overflow. 512 jints corresponds to an 16384-bit integer and
// will use here a total of 6k bytes of stack space.
int divisor = sizeof(julong) * 3;
guarantee(longwords <= (8192 / divisor), "must be");
int total_allocation = longwords * sizeof (julong) * 3;
guarantee(total_allocation <= 8192, "must be");
julong *scratch = (julong *)alloca(total_allocation);

// Local scratch arrays
Expand Down

1 comment on commit 852c26c

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.