8027252: Crash in interpreter because get_unsigned_2_byte_index_at_bcp reads 4 bytes
Summary: Use 2-byte loads for the indexes read from the bytecode stream, to avoid out-of-bounds reads.
Reviewed-by: coleenp, sspitsyn
--- a/hotspot/src/cpu/x86/vm/interp_masm_x86_32.cpp Mon Oct 28 21:41:48 2013 +0400
+++ b/hotspot/src/cpu/x86/vm/interp_masm_x86_32.cpp Wed Oct 30 15:35:25 2013 +0100
@@ -196,7 +196,7 @@
void InterpreterMacroAssembler::get_unsigned_2_byte_index_at_bcp(Register reg, int bcp_offset) {
assert(bcp_offset >= 0, "bcp is still pointing to start of bytecode");
- movl(reg, Address(rsi, bcp_offset));
+ load_unsigned_short(reg, Address(rsi, bcp_offset));
bswapl(reg);
shrl(reg, 16);
}
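Review bot: The three-instruction sequence is now easy to misread, because a zero-extended 16-bit load followed by `bswapl(reg)` and `shrl(reg, 16)` looks like a leftover from the 4-byte version; a comment should state that the operand is a big-endian u2 and that the swap/shift pair converts it to host order while the narrower load keeps the read inside the bytecode stream. I would add `// u2 operand is big-endian: bswapl moves the two loaded bytes into the top half, shrl 16 brings them back down in host order` above `bswapl(reg);`. The same applies to the identical sequence in interp_masm_x86_64.cpp (where the enclosing function's signature begins before its hunk) and to locals_index_wide in templateTable_x86_32.cpp and templateTable_x86_64.cpp. The assert on the line above only bounds bcp_offset from below; it is the 2-byte load width, not the assert, that keeps the read in bounds, so the comment is the only place that intent gets recorded.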
--- a/hotspot/src/cpu/x86/vm/interp_masm_x86_64.cpp Mon Oct 28 21:41:48 2013 +0400
+++ b/hotspot/src/cpu/x86/vm/interp_masm_x86_64.cpp Wed Oct 30 15:35:25 2013 +0100
@@ -192,7 +192,7 @@
Register reg,
int bcp_offset) {
assert(bcp_offset >= 0, "bcp is still pointing to start of bytecode");
- movl(reg, Address(r13, bcp_offset));
+ load_unsigned_short(reg, Address(r13, bcp_offset));
bswapl(reg);
shrl(reg, 16);
}
--- a/hotspot/src/cpu/x86/vm/templateTable_x86_32.cpp Mon Oct 28 21:41:48 2013 +0400
+++ b/hotspot/src/cpu/x86/vm/templateTable_x86_32.cpp Wed Oct 30 15:35:25 2013 +0100
@@ -558,7 +558,7 @@
void TemplateTable::locals_index_wide(Register reg) {
- __ movl(reg, at_bcp(2));
+ __ load_unsigned_short(reg, at_bcp(2));
__ bswapl(reg);
__ shrl(reg, 16);
__ negptr(reg);
@@ -1552,7 +1552,11 @@
InvocationCounter::counter_offset();
// Load up EDX with the branch displacement
- __ movl(rdx, at_bcp(1));
+ if (is_wide) {
+ __ movl(rdx, at_bcp(1));
+ } else {
+ __ load_signed_short(rdx, at_bcp(1));
+ }
__ bswapl(rdx);
if (!is_wide) __ sarl(rdx, 16);
LP64_ONLY(__ movslq(rdx, rdx));
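Review bot: The signedness of the new `load_signed_short` has no effect on the result here: after `bswapl` the two sign-extension bytes sit in the low half of rdx and `sarl(rdx, 16)` on the next line shifts them out, with the final sign coming from the high-order byte of the big-endian operand. Writing `__ load_unsigned_short(rdx, at_bcp(1));` would be equivalent and consistent with the other hunks in this change, or a comment should say why the signed variant was preferred. The `is_wide` path keeps the 4-byte `movl`, which is consistent with the visible code treating a wide branch operand as 4 bytes that are not shifted afterwards; a comment such as `// wide branches carry a 4-byte displacement, narrow ones a 2-byte one: load exactly the operand width so the read stays inside the bytecode stream` above the `if (is_wide)` would keep a later cleanup from folding the two cases back into one load. The matching hunk in templateTable_x86_64.cpp has the same two points, and its end lies beyond this view.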
--- a/hotspot/src/cpu/x86/vm/templateTable_x86_64.cpp Mon Oct 28 21:41:48 2013 +0400
+++ b/hotspot/src/cpu/x86/vm/templateTable_x86_64.cpp Wed Oct 30 15:35:25 2013 +0100
@@ -568,7 +568,7 @@
}
void TemplateTable::locals_index_wide(Register reg) {
- __ movl(reg, at_bcp(2));
+ __ load_unsigned_short(reg, at_bcp(2));
__ bswapl(reg);
__ shrl(reg, 16);
__ negptr(reg);
@@ -1575,7 +1575,11 @@
InvocationCounter::counter_offset();
// Load up edx with the branch displacement
- __ movl(rdx, at_bcp(1));
+ if (is_wide) {
+ __ movl(rdx, at_bcp(1));
+ } else {
+ __ load_signed_short(rdx, at_bcp(1));
+ }
__ bswapl(rdx);
if (!is_wide) {