From fbdc1877e241552755ea208b890029e60a8df08c Mon Sep 17 00:00:00 2001
From: Vladimir Ivanov
Date: Fri, 4 Dec 2020 09:37:18 +0000
Subject: [PATCH] 8257624: C2: PhaseMacroExpand::eliminate_macro_nodes() crashes on out-of-bounds access into macro node array
Reviewed-by: neliasso, kvn
---
 src/hotspot/share/opto/macro.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/hotspot/share/opto/macro.cpp b/src/hotspot/share/opto/macro.cpp
index 47d0d073f99..3b335471974 100644
--- a/src/hotspot/share/opto/macro.cpp
+++ b/src/hotspot/share/opto/macro.cpp
@@ -2564,7 +2564,10 @@ void PhaseMacroExpand::eliminate_macro_nodes() {
 while (progress) {
 progress = false;
 for (int i = C->macro_count(); i > 0; i--) {
- Node * n = C->macro_node(i-1);
+ if (i > C->macro_count()) {
+ i = C->macro_count(); // more than 1 element can be eliminated at once
+ }
+ Node* n = C->macro_node(i-1);
 bool success = false;
 DEBUG_ONLY(int old_macro_count = C->macro_count();)
 if (n->is_AbstractLock()) {
@@ -2580,7 +2583,10 @@ void PhaseMacroExpand::eliminate_macro_nodes() {
 while (progress) {
 progress = false;
 for (int i = C->macro_count(); i > 0; i--) {
- Node * n = C->macro_node(i-1);
+ if (i > C->macro_count()) {
+ i = C->macro_count(); // more than 1 element can be eliminated at once
+ }
+ Node* n = C->macro_node(i-1);
 bool success = false;
 DEBUG_ONLY(int old_macro_count = C->macro_count();)
 switch (n->class_id()) {
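Review bot: The clamp added at the top of the loop body can set `i` to 0 when the preceding iteration removed every remaining macro node, and the next line then calls `C->macro_node(i-1)` with index -1, because the `i > 0` test has already passed for that iteration. Doing the clamp in the loop step keeps it ahead of the condition: `for (int i = C->macro_count(); i > 0; i = MIN2(i - 1, C->macro_count())) {`. The second hunk (`@@ -2580,7 +2583,10 @@`) repeats the same pattern and needs the same change. Whether one elimination can actually empty the array is not visible in these hunks, so treat this as closing the remaining out-of-bounds path rather than a confirmed crash; both loop bodies continue outside the hunks.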