# HG changeset patch
# User jmasa
# Date 1235542344 28800
# Node ID 6e2cad7ee1f540fe784292e1d8a25f45939976f1
# Parent a76fa2632196e0953cd532894ea377b3fe3777f8
6806226: Signed integer overflow in growable array code causes JVM crash
Summary: Workaround the overflow by doing the intermediate calculations in an unsigned variable.
Reviewed-by: ysr, jcoomes
diff -r a76fa2632196 -r 6e2cad7ee1f5 hotspot/src/share/vm/utilities/growableArray.cpp
--- a/hotspot/src/share/vm/utilities/growableArray.cpp Fri Feb 20 11:12:26 2009 -0800
+++ b/hotspot/src/share/vm/utilities/growableArray.cpp Tue Feb 24 22:12:24 2009 -0800
@@ -43,11 +43,13 @@
 #endif
 void* GenericGrowableArray::raw_allocate(int elementSize) {
+ assert(_max >= 0, "integer overflow");
+ size_t byte_size = elementSize * (size_t) _max;
 if (on_stack()) {
- return (void*)resource_allocate_bytes(elementSize * _max);
+ return (void*)resource_allocate_bytes(byte_size);
 } else if (on_C_heap()) {
- return (void*)AllocateHeap(elementSize * _max, "GrET in " __FILE__);
+ return (void*)AllocateHeap(byte_size, "GrET in " __FILE__);
 } else {
- return _arena->Amalloc(elementSize * _max);
+ return _arena->Amalloc(byte_size);
 }
 }
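Review bot: The added `assert(_max >= 0, "integer overflow")` in `raw_allocate` is the only guard on the computed size, and HotSpot's `assert` is normally compiled out of product builds, so a release VM would still convert a negative `_max` into a very large `size_t` and pass it to the allocator. The product `elementSize * (size_t) _max` can also wrap where `size_t` is 32 bits, which would hand back a buffer smaller than the array believes it owns. Consider an always-on check ahead of the multiply, for example `guarantee(elementSize > 0 && _max >= 0 && (size_t)_max <= SIZE_MAX / (size_t)elementSize, "integer overflow");`, using whichever maximum-`size_t` constant the tree provides. The code that lets `_max` go negative lies outside this hunk, so the growth path presumably needs its own bound as well.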