stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6806226: Signed integer overflow in growable array code causes JVM crash

Browse Source 
Workaround the overflow by doing the intermediate calculations in an unsigned variable.

Reviewed-by: ysr, jcoomes
This commit is contained in:
Jon Masamitsu 2009-02-24 22:12:24 -08:00
parent 7efb6ac73a
commit b051a23591
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hotspot/src/share/vm/utilities/growableArray.cpp
View File

@ -43,11 +43,13 @@ void GenericGrowableArray::check_nesting() {
#endif
void* GenericGrowableArray::raw_allocate(int elementSize) {
assert(_max >= 0, "integer overflow");
size_t byte_size = elementSize * (size_t) _max;
if (on_stack()) {
return (void*)resource_allocate_bytes(elementSize * _max);
return (void*)resource_allocate_bytes(byte_size);
} else if (on_C_heap()) {
return (void*)AllocateHeap(elementSize * _max, "GrET in " __FILE__);
return (void*)AllocateHeap(byte_size, "GrET in " __FILE__);
} else {
return _arena->Amalloc(elementSize * _max);
return _arena->Amalloc(byte_size);
}
}