8271486: [lworld] Memory corruption due to out of bound access in MacroAssembler::move_helper #507

@@ -5789,6 +5789,7 @@ int MacroAssembler::store_inline_type_fields_to_buf(ciInlineKlass* vk, bool from

// Move a value between registers/stack slots and update the reg_state
bool MacroAssembler::move_helper(VMReg from, VMReg to, BasicType bt, RegState reg_state[]) {
assert(from->is_valid() && to->is_valid(), "source and destination must be valid");
if (reg_state[to->value()] == reg_written) {
return true; // Already written
}
@@ -5873,7 +5874,7 @@ bool MacroAssembler::unpack_inline_helper(const GrowableArray<SigEntry>* sig, in
VMReg from, int& from_index, VMRegPair* to, int to_count, int& to_index,
RegState reg_state[]) {
assert(sig->at(sig_index)._bt == T_VOID, "should be at end delimiter");
assert(from->is_valid(), "source must bevalid");
assert(from->is_valid(), "source must be valid");
Register tmp1 = r10, tmp2 = r11;
Register fromReg;
if (from->is_reg()) {
@@ -5890,6 +5891,7 @@ bool MacroAssembler::unpack_inline_helper(const GrowableArray<SigEntry>* sig, in
VMReg toReg;
BasicType bt;
while (stream.next(toReg, bt)) {
assert(toReg->is_valid(), "destination must be valid");
int off = sig->at(stream.sig_index())._offset;
assert(off > 0, "offset in object should be positive");
Address fromAddr = Address(fromReg, off);
@@ -5974,6 +5976,7 @@ bool MacroAssembler::pack_inline_helper(const GrowableArray<SigEntry>* sig, int&
VMReg fromReg;
BasicType bt;
while (stream.next(fromReg, bt)) {
assert(fromReg->is_valid(), "source must be valid");
int off = sig->at(stream.sig_index())._offset;
assert(off > 0, "offset in object should be positive");
size_t size_in_bytes = is_java_primitive(bt) ? type2aelembytes(bt) : wordSize;
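Review bot: In the visible lines of move_helper the new `assert(from->is_valid() && to->is_valid(), ...)` is the only check ahead of `reg_state[to->value()]`, and HotSpot asserts are compiled out of product builds, so an invalid VMReg reaching this function in a release VM would still index outside reg_state. The assert also does not bound `to->value()` from above, which cannot be done here because reg_state is passed as an unsized array. I would document the precondition on the function, e.g. `// Precondition: from and to are valid; their values index directly into reg_state`, and assert the upper bound at a call site where the array length is known. The same point applies to the identical hunks in the second file section on this page. The bodies of move_helper, unpack_inline_helper and pack_inline_helper continue outside the hunks.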
@@ -5738,6 +5738,7 @@ int MacroAssembler::store_inline_type_fields_to_buf(ciInlineKlass* vk, bool from

// Move a value between registers/stack slots and update the reg_state
bool MacroAssembler::move_helper(VMReg from, VMReg to, BasicType bt, RegState reg_state[]) {
assert(from->is_valid() && to->is_valid(), "source and destination must be valid");
if (reg_state[to->value()] == reg_written) {
return true; // Already written
}
@@ -5818,7 +5819,7 @@ bool MacroAssembler::unpack_inline_helper(const GrowableArray<SigEntry>* sig, in
VMReg from, int& from_index, VMRegPair* to, int to_count, int& to_index,
RegState reg_state[]) {
assert(sig->at(sig_index)._bt == T_VOID, "should be at end delimiter");
assert(from->is_valid(), "source must bevalid");
assert(from->is_valid(), "source must be valid");
Register fromReg;
if (from->is_reg()) {
fromReg = from->as_Register();
@@ -5834,6 +5835,7 @@ bool MacroAssembler::unpack_inline_helper(const GrowableArray<SigEntry>* sig, in
VMReg toReg;
BasicType bt;
while (stream.next(toReg, bt)) {
assert(toReg->is_valid(), "destination must be valid");
int off = sig->at(stream.sig_index())._offset;
assert(off > 0, "offset in object should be positive");
Address fromAddr = Address(fromReg, off);
@@ -5917,6 +5919,7 @@ bool MacroAssembler::pack_inline_helper(const GrowableArray<SigEntry>* sig, int&
VMReg fromReg;
BasicType bt;
while (stream.next(fromReg, bt)) {
assert(fromReg->is_valid(), "source must be valid");
int off = sig->at(stream.sig_index())._offset;
assert(off > 0, "offset in object should be positive");
size_t size_in_bytes = is_java_primitive(bt) ? type2aelembytes(bt) : wordSize;
@@ -173,7 +173,12 @@ void MacroAssembler::shuffle_inline_args(bool is_packing, bool receiver_only,
BasicType bt = sig->at(sig_index)._bt;
if (SigEntry::skip_value_delimiters(sig, sig_index)) {
VMReg from_reg = regs[from_index].first();
done &= move_helper(from_reg, regs_to[to_index].first(), bt, reg_state);
if (from_reg->is_valid()) {
done &= move_helper(from_reg, regs_to[to_index].first(), bt, reg_state);
} else {
// halves of T_LONG or T_DOUBLE
assert(bt == T_VOID, "unexpected basic type");
}
to_index += step;
from_index += step;
} else if (is_packing) {
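Review bot: The guard added in shuffle_inline_args tests only `from_reg->is_valid()`, so the destination `regs_to[to_index].first()` still reaches move_helper unchecked, where the other hunks of this change show it used as `reg_state[to->value()]` behind a debug-only assert. If a valid source can ever be paired with an invalid destination, bind it first with `VMReg to_reg = regs_to[to_index].first();` and add `assert(to_reg->is_valid(), "destination must be valid");` before the call, or fold it into the condition. In the else branch a product build skips the move silently when `bt != T_VOID`, because the assert is compiled out; whether that warrants an always-on check depends on callers not visible here. The branch comment could say why nothing is moved, e.g. `// Second half of a T_LONG/T_DOUBLE has no location of its own; nothing to move`. The function body starts and ends outside the hunk.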