Mercurial > hg > openjdk > hsx14
changeset 509:71c275bfba43
6806226: Signed integer overflow in growable array code causes JVM crash
Summary: Workaround the overflow by doing the intermediate calculations in an unsigned variable.
Reviewed-by: ysr, jcoomes
author | jmasa |
---|---|
date | Wed, 25 Feb 2009 21:40:24 -0800 |
parents | b4bd2276d314 |
children | b8b99c79a6b7 |
files | src/share/vm/utilities/growableArray.cpp |
diffstat | 1 files changed, 5 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/vm/utilities/growableArray.cpp Wed Feb 25 16:39:22 2009 -0800 +++ b/src/share/vm/utilities/growableArray.cpp Wed Feb 25 21:40:24 2009 -0800 @@ -43,11 +43,13 @@ #endif void* GenericGrowableArray::raw_allocate(int elementSize) { + assert(_max >= 0, "integer overflow"); + size_t byte_size = elementSize * (size_t) _max; if (on_stack()) { - return (void*)resource_allocate_bytes(elementSize * _max); + return (void*)resource_allocate_bytes(byte_size); } else if (on_C_heap()) { - return (void*)AllocateHeap(elementSize * _max, "GrET in " __FILE__); + return (void*)AllocateHeap(byte_size, "GrET in " __FILE__); } else { - return _arena->Amalloc(elementSize * _max); + return _arena->Amalloc(byte_size); } }