Mercurial > hg > openjdk > jdk8u > hotspot
changeset 9413:08e60f55c416
8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
Summary: Avoid integer overflow in TableSwitch().
Reviewed-by: goetz, mdoerr, vlivanov
author | thartmann |
---|---|
date | Tue, 22 May 2018 09:04:15 +0200 |
parents | dca20d25a2f5 |
children | 6f024d171932 |
files | src/share/vm/c1/c1_Instruction.hpp src/share/vm/c1/c1_LIRGenerator.cpp |
diffstat | 2 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/vm/c1/c1_Instruction.hpp Wed Dec 02 15:13:42 2015 +0100 +++ b/src/share/vm/c1/c1_Instruction.hpp Tue May 22 09:04:15 2018 +0200 @@ -2124,11 +2124,11 @@ // creation TableSwitch(Value tag, BlockList* sux, int lo_key, ValueStack* state_before, bool is_safepoint) : Switch(tag, sux, state_before, is_safepoint) - , _lo_key(lo_key) {} + , _lo_key(lo_key) { assert(_lo_key <= hi_key(), "integer overflow"); } // accessors int lo_key() const { return _lo_key; } - int hi_key() const { return _lo_key + length() - 1; } + int hi_key() const { return _lo_key + (length() - 1); } };
--- a/src/share/vm/c1/c1_LIRGenerator.cpp Wed Dec 02 15:13:42 2015 +0100 +++ b/src/share/vm/c1/c1_LIRGenerator.cpp Tue May 22 09:04:15 2018 +0200 @@ -2520,8 +2520,8 @@ move_to_phi(x->state()); int lo_key = x->lo_key(); - int hi_key = x->hi_key(); int len = x->length(); + assert(lo_key <= (lo_key + (len - 1)), "integer overflow"); LIR_Opr value = tag.result(); if (UseTableRanges) { do_SwitchRanges(create_lookup_ranges(x), value, x->default_sux());