From 0dab920b70560a5aea8b068080655a292908b646 Mon Sep 17 00:00:00 2001 From: Shaojin Wen Date: Wed, 13 Nov 2024 23:17:26 +0000 Subject: [PATCH] 8343984: Fix Unsafe address overflow Reviewed-by: pminborg, alanb --- .../share/classes/java/lang/StringLatin1.java | 22 +++++++++---------- .../share/classes/java/util/zip/ZipUtils.java | 8 +++---- .../fs/UnixUserDefinedFileAttributeView.java | 6 ++--- .../hotspot/utilities/HeapHprofBinWriter.java | 18 +++++++-------- .../jdk/incubator/vector/ByteVector.java | 2 +- .../jdk/incubator/vector/DoubleVector.java | 2 +- .../jdk/incubator/vector/FloatVector.java | 2 +- .../jdk/incubator/vector/IntVector.java | 2 +- .../jdk/incubator/vector/LongVector.java | 2 +- .../jdk/incubator/vector/ShortVector.java | 2 +- .../incubator/vector/X-Vector.java.template | 2 +- 11 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/java.base/share/classes/java/lang/StringLatin1.java b/src/java.base/share/classes/java/lang/StringLatin1.java index c12b8afc21f..7680bcbfa45 100644 --- a/src/java.base/share/classes/java/lang/StringLatin1.java +++ b/src/java.base/share/classes/java/lang/StringLatin1.java @@ -830,22 +830,22 @@ final class StringLatin1 { static void putCharsAt(byte[] val, int index, int c1, int c2, int c3, int c4) { assert index >= 0 && index + 3 < length(val) : "Trusted caller missed bounds check"; // Don't use the putChar method, Its instrinsic will cause C2 unable to combining values into larger stores. - long address = Unsafe.ARRAY_BYTE_BASE_OFFSET + index; - UNSAFE.putByte(val, address , (byte)(c1)); - UNSAFE.putByte(val, address + 1, (byte)(c2)); - UNSAFE.putByte(val, address + 2, (byte)(c3)); - UNSAFE.putByte(val, address + 3, (byte)(c4)); + long offset = (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + UNSAFE.putByte(val, offset , (byte)(c1)); + UNSAFE.putByte(val, offset + 1, (byte)(c2)); + UNSAFE.putByte(val, offset + 2, (byte)(c3)); + UNSAFE.putByte(val, offset + 3, (byte)(c4)); } static void putCharsAt(byte[] val, int index, int c1, int c2, int c3, int c4, int c5) { assert index >= 0 && index + 4 < length(val) : "Trusted caller missed bounds check"; // Don't use the putChar method, Its instrinsic will cause C2 unable to combining values into larger stores. - long address = Unsafe.ARRAY_BYTE_BASE_OFFSET + index; - UNSAFE.putByte(val, address , (byte)(c1)); - UNSAFE.putByte(val, address + 1, (byte)(c2)); - UNSAFE.putByte(val, address + 2, (byte)(c3)); - UNSAFE.putByte(val, address + 3, (byte)(c4)); - UNSAFE.putByte(val, address + 4, (byte)(c5)); + long offset = (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + UNSAFE.putByte(val, offset , (byte)(c1)); + UNSAFE.putByte(val, offset + 1, (byte)(c2)); + UNSAFE.putByte(val, offset + 2, (byte)(c3)); + UNSAFE.putByte(val, offset + 3, (byte)(c4)); + UNSAFE.putByte(val, offset + 4, (byte)(c5)); } public static void putChar(byte[] val, int index, int c) { diff --git a/src/java.base/share/classes/java/util/zip/ZipUtils.java b/src/java.base/share/classes/java/util/zip/ZipUtils.java index 5b1d896f420..a2eb9c50d4a 100644 --- a/src/java.base/share/classes/java/util/zip/ZipUtils.java +++ b/src/java.base/share/classes/java/util/zip/ZipUtils.java @@ -174,7 +174,7 @@ class ZipUtils { Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER); Preconditions.checkIndex(off + 1, b.length, Preconditions.AIOOBE_FORMATTER); return Short.toUnsignedInt( - UNSAFE.getShortUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false)); + UNSAFE.getShortUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false)); } /** @@ -185,7 +185,7 @@ class ZipUtils { Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER); Preconditions.checkIndex(off + 3, b.length, Preconditions.AIOOBE_FORMATTER); return Integer.toUnsignedLong( - UNSAFE.getIntUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false)); + UNSAFE.getIntUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false)); } /** @@ -195,7 +195,7 @@ class ZipUtils { public static final long get64S(byte[] b, int off) { Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER); Preconditions.checkIndex(off + 7, b.length, Preconditions.AIOOBE_FORMATTER); - return UNSAFE.getLongUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false); + return UNSAFE.getLongUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false); } /** @@ -206,7 +206,7 @@ class ZipUtils { public static final int get32S(byte[] b, int off) { Preconditions.checkIndex(off, b.length, Preconditions.AIOOBE_FORMATTER); Preconditions.checkIndex(off + 3, b.length, Preconditions.AIOOBE_FORMATTER); - return UNSAFE.getIntUnaligned(b, off + Unsafe.ARRAY_BYTE_BASE_OFFSET, false); + return UNSAFE.getIntUnaligned(b, off + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET, false); } /* diff --git a/src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java b/src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java index 41528a55e37..e814dde3229 100644 --- a/src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java +++ b/src/java.base/unix/classes/sun/nio/fs/UnixUserDefinedFileAttributeView.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -194,7 +194,7 @@ abstract class UnixUserDefinedFileAttributeView int n = read(name, address, rem); // copy from buffer into backing array - int off = dst.arrayOffset() + pos + Unsafe.ARRAY_BYTE_BASE_OFFSET; + long off = dst.arrayOffset() + pos + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET; unsafe.copyMemory(null, address, dst.array(), off, n); dst.position(pos + n); @@ -257,7 +257,7 @@ abstract class UnixUserDefinedFileAttributeView if (src.hasArray()) { // copy from backing array into buffer - int off = src.arrayOffset() + pos + Unsafe.ARRAY_BYTE_BASE_OFFSET; + long off = src.arrayOffset() + pos + (long) Unsafe.ARRAY_BYTE_BASE_OFFSET; unsafe.copyMemory(src.array(), off, null, address, rem); } else { // backing array not accessible so transfer via temporary array diff --git a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java index c9ffca89ec7..72861d9c30d 100644 --- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java +++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/utilities/HeapHprofBinWriter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1005,56 +1005,56 @@ public class HeapHprofBinWriter extends AbstractHeapGraphWriter { private void writeBooleanArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = BOOLEAN_BASE_OFFSET + index * BOOLEAN_SIZE; + long offset = (long) BOOLEAN_BASE_OFFSET + index * BOOLEAN_SIZE; out.writeBoolean(array.getHandle().getJBooleanAt(offset)); } } private void writeByteArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = BYTE_BASE_OFFSET + index * BYTE_SIZE; + long offset = (long) BYTE_BASE_OFFSET + index * BYTE_SIZE; out.writeByte(array.getHandle().getJByteAt(offset)); } } private void writeShortArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = SHORT_BASE_OFFSET + index * SHORT_SIZE; + long offset = (long) SHORT_BASE_OFFSET + index * SHORT_SIZE; out.writeShort(array.getHandle().getJShortAt(offset)); } } private void writeIntArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = INT_BASE_OFFSET + index * INT_SIZE; + long offset = (long) INT_BASE_OFFSET + index * INT_SIZE; out.writeInt(array.getHandle().getJIntAt(offset)); } } private void writeLongArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = LONG_BASE_OFFSET + index * LONG_SIZE; + long offset = (long) LONG_BASE_OFFSET + index * LONG_SIZE; out.writeLong(array.getHandle().getJLongAt(offset)); } } private void writeCharArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = CHAR_BASE_OFFSET + index * CHAR_SIZE; + long offset = (long) CHAR_BASE_OFFSET + index * CHAR_SIZE; out.writeChar(array.getHandle().getJCharAt(offset)); } } private void writeFloatArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = FLOAT_BASE_OFFSET + index * FLOAT_SIZE; + long offset = (long) FLOAT_BASE_OFFSET + index * FLOAT_SIZE; out.writeFloat(array.getHandle().getJFloatAt(offset)); } } private void writeDoubleArray(TypeArray array, int length) throws IOException { for (int index = 0; index < length; index++) { - long offset = DOUBLE_BASE_OFFSET + index * DOUBLE_SIZE; + long offset = (long) DOUBLE_BASE_OFFSET + index * DOUBLE_SIZE; out.writeDouble(array.getHandle().getJDoubleAt(offset)); } } diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ByteVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ByteVector.java index f36215ffe12..346b00eda5e 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ByteVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ByteVector.java @@ -4101,7 +4101,7 @@ public abstract class ByteVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/DoubleVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/DoubleVector.java index d7fc2cfa97d..5b3a25baa58 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/DoubleVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/DoubleVector.java @@ -3621,7 +3621,7 @@ public abstract class DoubleVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/FloatVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/FloatVector.java index 098eed06095..a3686d467a7 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/FloatVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/FloatVector.java @@ -3571,7 +3571,7 @@ public abstract class FloatVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/IntVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/IntVector.java index 6cb81767cdd..390c8026083 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/IntVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/IntVector.java @@ -3739,7 +3739,7 @@ public abstract class IntVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/LongVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/LongVector.java index a740c9d49cf..43fedc2693b 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/LongVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/LongVector.java @@ -3674,7 +3674,7 @@ public abstract class LongVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ShortVector.java b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ShortVector.java index 0e3ff9aaa87..552967d82e7 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ShortVector.java +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/ShortVector.java @@ -4092,7 +4092,7 @@ public abstract class ShortVector extends AbstractVector { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================ diff --git a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/X-Vector.java.template b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/X-Vector.java.template index b5f3a4b7d87..7eb1d9810b1 100644 --- a/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/X-Vector.java.template +++ b/src/jdk.incubator.vector/share/classes/jdk/incubator/vector/X-Vector.java.template @@ -5310,7 +5310,7 @@ public abstract class $abstractvectortype$ extends AbstractVector<$Boxtype$> { @ForceInline static long byteArrayAddress(byte[] a, int index) { - return Unsafe.ARRAY_BYTE_BASE_OFFSET + index; + return (long) Unsafe.ARRAY_BYTE_BASE_OFFSET + index; } // ================================================