8129895: New verifier fails to reject erroneous cast from int[] to other arrays of small integer types
Summary: Only allow assignability of arrays of primitive types if the types are identical
Reviewed-by: dholmes, gtriantafill
--- a/hotspot/src/share/vm/classfile/verificationType.cpp Wed Jul 22 07:47:34 2015 +0200
+++ b/hotspot/src/share/vm/classfile/verificationType.cpp Wed Jul 22 08:00:38 2015 -0400
@@ -86,7 +86,7 @@
VerificationType comp_this = get_component(context, CHECK_false);
VerificationType comp_from = from.get_component(context, CHECK_false);
if (!comp_this.is_bogus() && !comp_from.is_bogus()) {
- return comp_this.is_assignable_from(comp_from, context,
+ return comp_this.is_component_assignable_from(comp_from, context,
from_field_is_protected, CHECK_false);
}
}
--- a/hotspot/src/share/vm/classfile/verificationType.hpp Wed Jul 22 07:47:34 2015 +0200
+++ b/hotspot/src/share/vm/classfile/verificationType.hpp Wed Jul 22 08:00:38 2015 -0400
@@ -297,6 +297,26 @@
}
}
+ // Check to see if one array component type is assignable to another.
+ // Same as is_assignable_from() except int primitives must be identical.
+ bool is_component_assignable_from(
+ const VerificationType& from, ClassVerifier* context,
+ bool from_field_is_protected, TRAPS) const {
+ if (equals(from) || is_bogus()) {
+ return true;
+ } else {
+ switch(_u._data) {
+ case Boolean:
+ case Byte:
+ case Char:
+ case Short:
+ return false;
+ default:
+ return is_assignable_from(from, context, from_field_is_protected, CHECK_false);
+ }
+ }
+ }
+
VerificationType get_component(ClassVerifier* context, TRAPS) const;
int dimensions() const {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/verifier/PrimIntArray.java Wed Jul 22 08:00:38 2015 -0400
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 8129895
+ * @summary Throw VerifyError when checking assignability of primitive arrays
+ * that are not identical. For example, [I is not assignable to [B.
+ * @compile primArray.jasm
+ * @compile primArray49.jasm
+ * @run main/othervm -Xverify:all PrimIntArray
+ */
+
+// Test that an int[] is not assignable to byte[].
+public class PrimIntArray {
+
+ public static void main(String args[]) throws Throwable {
+ System.out.println("Regression test for bug 8129895");
+
+ try {
+ Class newClass = Class.forName("primArray");
+ throw new RuntimeException("Expected VerifyError exception not thrown with new verifier");
+ } catch (java.lang.VerifyError e) {
+ System.out.println("Test PrimIntArray passed with new verifier");
+ }
+
+ try {
+ Class newClass = Class.forName("primArray49");
+ throw new RuntimeException("Expected VerifyError exception not thrown by old verifier");
+ } catch (java.lang.VerifyError e) {
+ System.out.println("Test PrimIntArray passed with old verifier");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/verifier/primArray.jasm Wed Jul 22 08:00:38 2015 -0400
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+// Method castToByteArray() tries to return an array of ints when an array
+// of bytes is expected.
+super class primArray
+version 52:0
+{
+
+ public Method "<init>":"()V"
+ stack 1 locals 1
+ {
+ aload_0;
+ invokespecial Method java/lang/Object."<init>":"()V";
+ return;
+ }
+
+ public static Method castToByteArray:"([I)[B"
+ stack 1 locals 1
+ {
+ aload_0;
+ areturn;
+ }
+
+} // end Class primArray
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/runtime/verifier/primArray49.jasm Wed Jul 22 08:00:38 2015 -0400
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+// Method castToByteArray() tries to return an array of ints when an array
+// of bytes is expected.
+super class primArray49
+version 49:0
+{
+
+ public Method "<init>":"()V"
+ stack 1 locals 1
+ {
+ aload_0;
+ invokespecial Method java/lang/Object."<init>":"()V";
+ return;
+ }
+
+ public static Method castToByteArray:"([I)[B"
+ stack 1 locals 1
+ {
+ aload_0;
+ areturn;
+ }
+
+} // end Class primArray49