8170761: Buffer overrun in sharedRuntime_x86_64.cpp:477
Summary: Fixed missing half assert!
Reviewed-by: kvn
--- a/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -282,7 +282,7 @@
regs[i].set_bad();
break;
case T_LONG:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
// fall through
case T_OBJECT:
case T_ARRAY:
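Review bot: Folding the new range check into the same assert as the T_VOID test means a truncated signature and a mistyped second slot both fail with the identical `expecting half` message, which hides exactly the distinction this bug is about. Splitting it keeps the bounds check first and names the failure: `assert((i + 1) < total_args_passed, "T_LONG has no slot for its second half");` followed by the original `assert(sig_bt[i + 1] == T_VOID, "expecting half");`. Both checks are debug-only, so product builds are unchanged either way. The enclosing function starts and ends outside this hunk, so I am assuming total_args_passed is its element count for sig_bt.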
@@ -303,7 +303,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
if (fp_args < Argument::n_float_register_parameters_j) {
regs[i].set2(FP_ArgReg[fp_args++]->as_VMReg());
} else {
@@ -840,7 +840,7 @@
}
break;
case T_LONG:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
// fall through
case T_OBJECT:
case T_ARRAY:
@@ -862,7 +862,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
if (fp_args < Argument::n_float_register_parameters_c) {
regs[i].set2(FP_ArgReg[fp_args++]->as_VMReg());
} else {
--- a/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/ppc/vm/sharedRuntime_ppc.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -594,7 +594,7 @@
regs[i].set1(reg);
break;
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (ireg < num_java_iarg_registers) {
// Put long in register.
reg = java_iarg_reg[ireg];
@@ -637,7 +637,7 @@
regs[i].set1(reg);
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (freg < num_java_farg_registers) {
// Put double in register.
reg = java_farg_reg[freg];
@@ -809,7 +809,7 @@
regs[i].set1(reg);
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (freg < Argument::n_float_register_parameters_c) {
// Put double in register ...
reg = farg_reg[freg];
--- a/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/s390/vm/sharedRuntime_s390.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -683,7 +683,7 @@
}
break;
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (ireg < z_num_iarg_registers) {
// Put long in register.
regs[i].set2(z_iarg_reg[ireg]);
@@ -723,7 +723,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (freg < z_num_farg_registers) {
// Put double in register.
regs[i].set2(z_farg_reg[freg]);
@@ -822,7 +822,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (freg < z_num_farg_registers) {
regs[i].set2(z_farg_reg[freg]);
++freg;
--- a/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/sparc/vm/sharedRuntime_sparc.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -425,7 +425,7 @@
#ifdef _LP64
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "expecting VOID in other half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting VOID in other half");
// fall-through
case T_OBJECT:
case T_ARRAY:
@@ -441,7 +441,7 @@
break;
#else
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "expecting VOID in other half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting VOID in other half");
// On 32-bit SPARC put longs always on the stack to keep the pressure off
// integer argument registers. They should be used for oops.
slot = round_to(slot, 2); // align
@@ -460,7 +460,7 @@
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
if (round_to(flt_reg, 2) + 1 < flt_reg_max) {
flt_reg = round_to(flt_reg, 2); // align
FloatRegister r = as_FloatRegister(flt_reg);
@@ -1174,7 +1174,7 @@
regs[i].set1(int_stk_helper(j));
break;
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "expecting half");
case T_ADDRESS: // raw pointers, like current thread, for VM calls
case T_ARRAY:
case T_OBJECT:
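Review bot: The T_LONG case in this hunk now ends with the assert and drops straight into `case T_ADDRESS:` with no marker, while the other T_LONG cases touched by this same change carry `// fall through`. Adding `// fall-through` after the assert (matching the spelling used earlier in this file) makes the intent explicit and keeps implicit-fallthrough warnings quiet where they are enabled. The switch body continues beyond the hunk on both sides.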
@@ -1209,7 +1209,7 @@
break;
case T_DOUBLE:
{
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
// V9ism: doubles go in EVEN/ODD regs and stack slots
int double_index = (j << 1);
param_array_reg.set2(VMRegImpl::stack2reg(double_index));
@@ -1261,7 +1261,7 @@
break;
case T_DOUBLE:
case T_LONG:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
regs[i].set_pair(int_stk_helper(i + 1), int_stk_helper(i));
break;
case T_VOID: regs[i].set_bad(); break;
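Review bot: The new bounds check guards only the assert, but the next line still evaluates `int_stk_helper(i + 1)` unconditionally, so for a malformed signature where i + 1 == total_args_passed a product build proceeds with that index. If int_stk_helper merely maps an argument index to a stack slot (its definition is not visible here), that is harmless arithmetic; if it indexes any per-argument array, the overrun has just moved one line down. Worth a glance at its definition, and a one-line comment such as `// i + 1 is the stack slot of the second half, not a sig_bt index` would settle it for the next reader. The enclosing function starts and ends outside the hunk.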
--- a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_32.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -478,12 +478,12 @@
}
break;
case T_LONG:
- assert(sig_bt[i+1] == T_VOID, "missing Half" );
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "missing Half" );
regs[i].set2(VMRegImpl::stack2reg(dstack));
dstack += 2;
break;
case T_DOUBLE:
- assert(sig_bt[i+1] == T_VOID, "missing Half" );
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "missing Half" );
if( freg_arg0 == (uint)i ) {
regs[i].set2(xmm0->as_VMReg());
} else if( freg_arg1 == (uint)i ) {
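Review bot: The same guarded condition now appears verbatim in every T_LONG/T_DOUBLE case across six platform files, and the messages have drifted (`missing Half` here, `expecting half` elsewhere, `expecting VOID in other half` on SPARC), so a shared inline helper or assert macro in the common runtime header, along the lines of `assert_second_half(sig_bt, i, total_args_passed)`, would keep the check and its wording in one place. If that is too broad for this bug, the minimum is to make the two messages in this hunk match the other ports' `expecting half`. Both uses here sit in a function whose body starts and ends outside the hunk.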
@@ -1001,7 +1001,7 @@
case T_DOUBLE: // The stack numbering is reversed from Java
// Since C arguments do not get reversed, the ordering for
// doubles on the stack must be opposite the Java convention
- assert(sig_bt[i+1] == T_VOID, "missing Half" );
+ assert((i + 1) < total_args_passed && sig_bt[i+1] == T_VOID, "missing Half" );
regs[i].set2(VMRegImpl::stack2reg(stack));
stack += 2;
break;
--- a/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp Mon Dec 19 02:33:30 2016 -0800
+++ b/hotspot/src/cpu/x86/vm/sharedRuntime_x86_64.cpp Mon Dec 19 06:25:12 2016 -0800
@@ -474,7 +474,7 @@
regs[i].set_bad();
break;
case T_LONG:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
// fall through
case T_OBJECT:
case T_ARRAY:
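Review bot: The fix closes the out-of-bounds read only as far as it ever existed: the `sig_bt[i + 1]` access lives entirely inside the assert, so in product builds, where assert compiles away, neither the read nor the new guard is emitted, and the overrun in the title was reachable only in debug builds. That is worth a sentence in the commit message so nobody backports this as product hardening. A caller that actually passes a T_LONG as the final element still falls through to the T_OBJECT handling in product mode with no check at all; a comment on the case line such as `// A trailing T_LONG without its T_VOID half is a caller bug; only caught in debug builds` would record that. The enclosing function starts and ends outside this hunk.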
@@ -495,7 +495,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
if (fp_args < Argument::n_float_register_parameters_j) {
regs[i].set2(FP_ArgReg[fp_args++]->as_VMReg());
} else {
@@ -1014,7 +1014,7 @@
}
break;
case T_LONG:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
// fall through
case T_OBJECT:
case T_ARRAY:
@@ -1045,7 +1045,7 @@
}
break;
case T_DOUBLE:
- assert(sig_bt[i + 1] == T_VOID, "expecting half");
+ assert((i + 1) < total_args_passed && sig_bt[i + 1] == T_VOID, "expecting half");
if (fp_args < Argument::n_float_register_parameters_c) {
regs[i].set2(FP_ArgReg[fp_args++]->as_VMReg());
#ifdef _WIN64