8216486: Possibility of integer overflow in JfrThreadSampler::run()
Reviewed-by: rehn, sgehwolf
--- a/src/hotspot/share/jfr/periodic/sampling/jfrThreadSampler.cpp Fri Jan 11 10:58:46 2019 +0100
+++ b/src/hotspot/share/jfr/periodic/sampling/jfrThreadSampler.cpp Fri Jan 11 23:32:52 2019 +0900
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -467,8 +467,17 @@
jlong now_ms = get_monotonic_ms();
- jlong next_j = java_interval + last_java_ms - now_ms;
- jlong next_n = native_interval + last_native_ms - now_ms;
+ /*
+ * Let I be java_interval or native_interval.
+ * Let L be last_java_ms or last_native_ms.
+ * Let N be now_ms.
+ *
+ * Interval, I, might be max_jlong so the addition
+ * could potentially overflow without parenthesis (UB). Also note that
+ * L - N < 0. Avoid UB, by adding parenthesis.
+ */
+ jlong next_j = java_interval + (last_java_ms - now_ms);
+ jlong next_n = native_interval + (last_native_ms - now_ms);
jlong sleep_to_next = MIN2<jlong>(next_j, next_n);
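Review bot: The new comment states `L - N < 0`, but the invariant the fix relies on is `L - N <= 0`: if `get_monotonic_ms()` returns the same millisecond as the stored last sample time, the difference is zero and the sum is still safe. When the interval is `max_jlong`, the absence of signed overflow rests entirely on that sign invariant, and nothing in the hunk checks it. I would make it explicit right after `now_ms` is read, with `assert(last_java_ms <= now_ms && last_native_ms <= now_ms, "monotonic clock must not go backwards");`. The assignments to `last_java_ms` and `last_native_ms` are outside this hunk, so this assumes they are only ever set from the same clock, which is worth confirming. The comment's "parenthesis" should also read "parentheses".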