From 7abe8999123c79aeb38960562e25d825faafdc7b Mon Sep 17 00:00:00 2001 From: Jinke Fan Date: Sun, 14 Apr 2019 21:40:07 +0000 Subject: [PATCH] 8222387: Out-of-bounds access to CPU _family_id_xxx array Reviewed-by: dholmes, kvn --- src/hotspot/cpu/x86/vm_version_ext_x86.cpp | 28 +++++++++++++++------- src/hotspot/cpu/x86/vm_version_ext_x86.hpp | 10 ++++++-- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/src/hotspot/cpu/x86/vm_version_ext_x86.cpp b/src/hotspot/cpu/x86/vm_version_ext_x86.cpp index 37d94cddd0b..8042a8f1c69 100644 --- a/src/hotspot/cpu/x86/vm_version_ext_x86.cpp +++ b/src/hotspot/cpu/x86/vm_version_ext_x86.cpp @@ -43,10 +43,10 @@ typedef enum { CPU_FAMILY_PENTIUM_4 = 0xF } FamilyFlag; - typedef enum { - RDTSCP_FLAG = 0x08000000, // bit 27 - INTEL64_FLAG = 0x20000000 // bit 29 - } _featureExtendedEdxFlag; +typedef enum { + RDTSCP_FLAG = 0x08000000, // bit 27 + INTEL64_FLAG = 0x20000000 // bit 29 +} _featureExtendedEdxFlag; #define CPUID_STANDARD_FN 0x0 #define CPUID_STANDARD_FN_1 0x1 @@ -403,18 +403,21 @@ int VM_Version_Ext::number_of_sockets(void) { const char* VM_Version_Ext::cpu_family_description(void) { int cpu_family_id = extended_cpu_family(); if (is_amd()) { - return _family_id_amd[cpu_family_id]; + if (cpu_family_id < ExtendedFamilyIdLength_AMD) { + return _family_id_amd[cpu_family_id]; + } } if (is_intel()) { if (cpu_family_id == CPU_FAMILY_PENTIUMPRO) { return cpu_model_description(); } - return _family_id_intel[cpu_family_id]; + if (cpu_family_id < ExtendedFamilyIdLength_INTEL) { + return _family_id_intel[cpu_family_id]; + } } if (is_hygon()) { return "Dhyana"; } - return "Unknown x86"; } @@ -705,7 +708,7 @@ jlong VM_Version_Ext::maximum_qualified_cpu_frequency(void) { return _max_qualified_cpu_frequency; } -const char* const VM_Version_Ext::_family_id_intel[] = { +const char* const VM_Version_Ext::_family_id_intel[ExtendedFamilyIdLength_INTEL] = { "8086/8088", "", "286", @@ -724,7 +727,7 @@ const char* const VM_Version_Ext::_family_id_intel[] = { "Pentium 4" }; -const char* const VM_Version_Ext::_family_id_amd[] = { +const char* const VM_Version_Ext::_family_id_amd[ExtendedFamilyIdLength_AMD] = { "", "", "", @@ -742,6 +745,13 @@ const char* const VM_Version_Ext::_family_id_amd[] = { "", "Opteron/Athlon64", "Opteron QC/Phenom" // Barcelona et.al. + "", + "", + "", + "", + "", + "", + "Zen" }; // Partially from Intel 64 and IA-32 Architecture Software Developer's Manual, // September 2013, Vol 3C Table 35-1 diff --git a/src/hotspot/cpu/x86/vm_version_ext_x86.hpp b/src/hotspot/cpu/x86/vm_version_ext_x86.hpp index 02c9c338f4e..c63d54cc90f 100644 --- a/src/hotspot/cpu/x86/vm_version_ext_x86.hpp +++ b/src/hotspot/cpu/x86/vm_version_ext_x86.hpp @@ -29,14 +29,20 @@ #include "vm_version_x86.hpp" class VM_Version_Ext : public VM_Version { + + enum { + ExtendedFamilyIdLength_INTEL = 16, + ExtendedFamilyIdLength_AMD = 24 + }; + private: static const size_t VENDOR_LENGTH; static const size_t CPU_EBS_MAX_LENGTH; static const size_t CPU_TYPE_DESC_BUF_SIZE; static const size_t CPU_DETAILED_DESC_BUF_SIZE; - static const char* const _family_id_intel[]; - static const char* const _family_id_amd[]; + static const char* const _family_id_intel[ExtendedFamilyIdLength_INTEL]; + static const char* const _family_id_amd[ExtendedFamilyIdLength_AMD]; static const char* const _brand_id[]; static const char* const _model_id_pentium_pro[];