JDK-6756528 : Bytecodes::special_length_at reads past end of code buffer
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 6u8
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2008-10-06
  • Updated: 2012-10-08
  • Resolved: 2008-11-19
  • JDK 6: 6u14 (Fixed)
  • JDK 7: 7 (Fixed)
  • Other: hs14 (Fixed)
Description
Bytecodes::special_length_at does not check for the end of the buffer before reading from memory.  This can cause uninitialized or even unmapped memory to be read.  The attached test triggers this condition using tableswitch.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/c7ec737733a6
31-10-2008
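
An added example (not HotSpot's code and not the change in the linked changeset): a length calculation for `tableswitch`, the instruction the Description names as the trigger, that checks the end of the code buffer before every read. The function name, its signature and the sample bytes are assumptions made for illustration; the operand layout (opcode `0xaa`, padding to a 4-byte boundary, then big-endian `default`, `low`, `high` and the jump table) is the one in the JVM specification.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed sample: tableswitch at bci 0 with low=0, high=1 (24 bytes total).
static const uint8_t kSample[] = {
    0xaa, 0, 0, 0,             // opcode + 3 padding bytes
    0, 0, 0, 24,               // default offset
    0, 0, 0, 0,                // low  = 0
    0, 0, 0, 1,                // high = 1
    0, 0, 0, 24, 0, 0, 0, 24   // two jump offsets
};

// Read a big-endian signed 32-bit operand (class-file byte order).
static int32_t read_be32(const uint8_t* p) {
    return (int32_t)((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                     (uint32_t)p[2] << 8  | (uint32_t)p[3]);
}

// Hypothetical helper: length in bytes of the tableswitch at code[bci],
// or -1 if it is malformed or does not fit inside code_len bytes.
long tableswitch_length(const uint8_t* code, size_t code_len, size_t bci) {
    if (bci >= code_len || code[bci] != 0xaa) return -1;
    // Operands start at the next 4-byte boundary after the opcode.
    size_t operands = (bci + 4) & ~(size_t)3;
    // default, low and high (12 bytes) must be inside the buffer BEFORE reading.
    if (operands > code_len || code_len - operands < 12) return -1;
    int64_t lo = read_be32(code + operands + 4);
    int64_t hi = read_be32(code + operands + 8);
    if (lo > hi) return -1;
    // 64-bit arithmetic: hi - lo + 1 can reach 2^32 and would overflow an int.
    int64_t entries = hi - lo + 1;
    // The jump table claimed by low/high must also fit in what is left.
    size_t remaining = code_len - operands - 12;
    if ((uint64_t)entries > remaining / 4) return -1;
    return (long)(operands - bci + 12 + 4 * (size_t)entries);
}

int main() {
    printf("complete:  %ld\n", tableswitch_length(kSample, sizeof kSample, 0));
    printf("truncated: %ld\n", tableswitch_length(kSample, 10, 0));
    return 0;
}
```

The truncated call ends the buffer in the middle of the `low` word, which is the shape of input the Description says leads to reads past the end of the code buffer when the end is not checked.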