JDK-8203223 : Signed integer overflow in ImageStrings::hash_code (libjimage.so)
  • Type: Bug
  • Component: tools
  • Sub-Component: jlink
  • Affected Version: 11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: generic
  • Submitted: 2018-05-15
  • Updated: 2018-07-12
  • Resolved: 2018-05-16
Fix Version: JDK 11, build 11 b14 (Fixed)
Description
With an instrumented build of imageFile.o (compiled with -fsanitize=undefined), UBSan reports a signed integer overflow, which is undefined behaviour:

$ bin/java -version
/disk/openjdk/upstream-sources/openjdk-hs/src/java.base/share/native/libjimage/imageFile.cpp:64:22: runtime error: signed integer overflow: 16777619 * 16777619 cannot be represented in type 'int'
/disk/openjdk/upstream-sources/openjdk-hs/src/java.base/share/native/libjimage/imageFile.cpp:64:22: runtime error: signed integer overflow: 16777620 * 16777619 cannot be represented in type 'int'
openjdk version "11-internal" 2018-09-25
OpenJDK Runtime Environment (fastdebug build 11-internal+0-adhoc.sgehwolf.openjdk-hs)
OpenJDK 64-Bit Server VM (fastdebug build 11-internal+0-adhoc.sgehwolf.openjdk-hs, mixed mode)

This caused a build failure of the images target with GCC 8 (-O2) where the interim image was broken like this:

./build/linux-x86_64-normal-server-fastdebug/support/interim-image/bin/java -version
Error occurred during initialization of VM
java/lang/NoClassDefFoundError: java/lang/Object

Comments
Review-thread: http://mail.openjdk.java.net/pipermail/core-libs-dev/2018-May/053152.html
15-05-2018

webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8203223/webrev.01/
15-05-2018

Looking at usages of function ImageStrings::hash_code one can see this in imageFile.hpp:

    // Compute the Perfect Hashing hash code for the supplied UTF-8 string.
    inline static u4 hash_code(const char* string) {
      return hash_code(string, HASH_MULTIPLIER);
    }

where the hash_code function is defined as:

    // Compute the Perfect Hashing hash code for the supplied UTF-8 string.
    s4 ImageStrings::hash_code(const char* string, s4 seed) {
      // Access bytes as unsigned.
      u1* bytes = (u1*)string;
      // Compute hash code.
      for (u1 byte = *bytes++; byte; byte = *bytes++) {
        seed = (seed * HASH_MULTIPLIER) ^ byte;
      }
      // Ensure the result is not signed.
      return seed & 0x7FFFFFFF;
    }

So any initial call to ImageStrings::hash_code() would result in signed integer multiplication of HASH_MULTIPLIER * HASH_MULTIPLIER. HASH_MULTIPLIER is defined as 0x01000193 == 1677761 (base 10). Thus, this causes a signed integer overflow.
15-05-2018
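The overflow described in the comment above, worked through as an added example (not code from the JDK sources or from the webrev): the first loop iteration for any non-empty string multiplies HASH_MULTIPLIER by itself, which cannot fit in a 32-bit int, and a variant that keeps the running value in an unsigned 32-bit type is shown as one way to make the wrap-around well defined. The names mul_overflows_s4 and hash_code_u32 are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiplier from imageFile.hpp (0x01000193 == 16777619). */
#define HASH_MULTIPLIER 0x01000193

/* Does a * b fit in a signed 32-bit int?  Evaluated in 64 bits so the check
 * itself is well defined; this is exactly what UBSan complained about above. */
int mul_overflows_s4(int32_t a, int32_t b) {
    int64_t p = (int64_t)a * (int64_t)b;
    return p > INT32_MAX || p < INT32_MIN;
}

/* Same algorithm as ImageStrings::hash_code, but the running value is held in
 * uint32_t, so the multiplication wraps modulo 2^32 by definition instead of
 * overflowing a signed int.  The top bit is masked off as in the original. */
int32_t hash_code_u32(const char *string, int32_t seed) {
    const uint8_t *bytes = (const uint8_t *)string;  /* access bytes as unsigned */
    uint32_t useed = (uint32_t)seed;
    for (uint8_t byte = *bytes++; byte; byte = *bytes++) {
        useed = (useed * (uint32_t)HASH_MULTIPLIER) ^ byte;
    }
    return (int32_t)(useed & 0x7FFFFFFFu);           /* never negative */
}

/* Mirrors the one-argument inline in imageFile.hpp: seed with the multiplier. */
int32_t hash_code(const char *string) {
    return hash_code_u32(string, HASH_MULTIPLIER);
}

int main(void) {
    /* First iteration of the original signed loop: 16777619 * 16777619. */
    printf("first step overflows s4: %d\n",
           mul_overflows_s4(HASH_MULTIPLIER, HASH_MULTIPLIER));
    /* Hash of a class name as it would appear in the jimage string table. */
    printf("hash(\"java/lang/Object\") = 0x%08x\n",
           (uint32_t)hash_code("java/lang/Object"));
    return 0;
}
```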