8038076: constraint on multianewarray instruction is not checked since class version 50.
Summary: No VerifiyError generated if multianewarray bytecode's array type descriptor was 1 dimension smaller than dimensions specified.
Reviewed-by: hseigel, ctornqvi, coleenp, kamg
--- a/hotspot/src/share/vm/classfile/verificationType.hpp Mon Apr 14 11:23:06 2014 +0200
+++ b/hotspot/src/share/vm/classfile/verificationType.hpp Mon Apr 14 10:13:03 2014 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -299,7 +299,7 @@
int dimensions() const {
assert(is_array(), "Must be an array");
int index = 0;
- while (name()->byte_at(index++) == '[');
+ while (name()->byte_at(index) == '[') index++;
return index;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/verifier/TestMultiANewArray.java Mon Apr 14 10:13:03 2014 -0400
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import jdk.internal.org.objectweb.asm.ClassWriter;
+import jdk.internal.org.objectweb.asm.MethodVisitor;
+import static jdk.internal.org.objectweb.asm.Opcodes.*;
+import com.oracle.java.testlibrary.*;
+
+/*
+ * @test TestMultiANewArray
+ * @bug 8038076
+ * @library /testlibrary
+ * @compile -XDignore.symbol.file TestMultiANewArray.java
+ * @run main/othervm TestMultiANewArray 49
+ * @run main/othervm TestMultiANewArray 50
+ * @run main/othervm TestMultiANewArray 51
+ * @run main/othervm TestMultiANewArray 52
+ */
+
+public class TestMultiANewArray {
+ public static void main(String... args) throws Exception {
+ int cfv = Integer.parseInt(args[0]);
+ writeClassFile(cfv);
+ System.err.println("Running with cfv: " + cfv);
+ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(true, "-cp", ".", "ClassFile");
+ OutputAnalyzer output = new OutputAnalyzer(pb.start());
+ output.shouldContain("VerifyError");
+ output.shouldHaveExitValue(1);
+ }
+
+ public static void writeClassFile(int cfv) throws Exception {
+ ClassWriter cw = new ClassWriter(0);
+ MethodVisitor mv;
+
+ cw.visit(cfv, ACC_PUBLIC + ACC_SUPER, "ClassFile", null, "java/lang/Object", null);
+ mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
+ mv.visitCode();
+ mv.visitVarInsn(ALOAD, 0);
+ mv.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V", false);
+ mv.visitInsn(RETURN);
+ mv.visitMaxs(1, 1);
+ mv.visitEnd();
+
+ mv = cw.visitMethod(ACC_PUBLIC + ACC_STATIC, "main", "([Ljava/lang/String;)V", null, null);
+ mv.visitCode();
+ mv.visitInsn(ICONST_1);
+ mv.visitInsn(ICONST_2);
+ mv.visitMultiANewArrayInsn("[I", 2);
+ mv.visitVarInsn(ASTORE, 1);
+ mv.visitInsn(RETURN);
+ mv.visitMaxs(2, 2);
+ mv.visitEnd();
+
+ cw.visitEnd();
+
+ try (FileOutputStream fos = new FileOutputStream(new File("ClassFile.class"))) {
+ fos.write(cw.toByteArray());
+ }
+ }
+}