JDK-6942326 : x86 code in string_indexof() could read beyond reserved heap space
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs18
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2010-04-08
  • Updated: 2011-09-22
  • Resolved: 2011-04-24
Fix Version(s):
  • JDK 6: 6u21p (Fixed)
  • JDK 7: 7 (Fixed)
  • Other: hs21 (Fixed)
Description
MacroAssembler::string_indexof() code loads 16 bytes into XMM registers regardless of where the char[] array ends, and as a result it can read beyond reserved heap space, causing SEGV.

Comments
PUBLIC COMMENTS
MacroAssembler::string_indexof() code loads 16 bytes into XMM registers regardless of where the char[] array ends, and as a result it can read beyond reserved heap space, causing SEGV.

I divided the code in string_indexof() into two parts:
1. For constant substrings with size >= 8 elements. This part doesn't need special handling for string loading and it doesn't modify string pointers, so there is no need to push them on the stack.
2. For constant substrings with size < 8 elements or a non-constant substring (size is unknown). This part has special handling for string loading: if the size is small and it crosses a page boundary, copy the string to the stack and load from it. If the substring is constant, use separate mov instructions to load it. This part also does additional checks for small tails during the search and backs up pointers to load them.
28-02-2011
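As an added illustration of the page-boundary check described in the comment above (example code written here, not HotSpot's own string_indexof() assembly), the following C models a 16-byte XMM-width load of a short char[] tail and takes the copy-to-stack path only when that window would run onto the next page. PAGE_SIZE, the 16-byte load width and both function names are assumptions for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u   /* assumed x86 page size for this illustration */
#define VEC_BYTES 16u     /* width of one XMM register load */

/* Returns 1 when a VEC_BYTES-wide load starting at p would touch a page beyond
 * the one holding the last valid byte of an nbytes-long array; that is the
 * case where the over-read can reach unmapped memory and fault. */
int vector_load_crosses_page(const void *p, size_t nbytes)
{
    uintptr_t start = (uintptr_t)p;
    if (nbytes >= VEC_BYTES)
        return 0;                      /* whole window lies inside the array */
    uintptr_t last_valid  = start + (nbytes ? nbytes - 1 : 0);
    uintptr_t last_loaded = start + VEC_BYTES - 1;
    return (last_valid / PAGE_SIZE) != (last_loaded / PAGE_SIZE);
}

/* Models loading the tail of a UTF-16 char[] into a 16-byte register.
 * When the window would cross a page boundary, the bytes that exist are
 * copied to a zero-filled stack buffer and the load is done from there
 * (the approach the fix takes); otherwise the in-place over-read stays
 * within the page that already holds valid data.
 * Returns 1 if the stack-copy path was taken, 0 otherwise. */
int load_tail16(const uint16_t *chars, size_t nchars, uint8_t out[VEC_BYTES])
{
    size_t nbytes = nchars * sizeof(uint16_t);
    uint8_t stack_buf[VEC_BYTES] = {0};
    const uint8_t *src = (const uint8_t *)chars;
    int copied = 0;

    if (vector_load_crosses_page(src, nbytes)) {
        memcpy(stack_buf, src, nbytes); /* copy only the bytes that exist */
        src = stack_buf;
        copied = 1;
    }
    memcpy(out, src, VEC_BYTES);        /* stands in for movdqu xmm, [src] */
    return copied;
}
```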

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/41d4973cf100
26-02-2011