- Bug
- Resolution: Fixed
- P2
- 1.4.0
- beta2
- sparc
- solaris_8
Java doesn't require integer overflow checks, so a program can
increment or decrement a 32-bit int in a 64-bit register such that the
sign bit and/or bits in the high half of the register are set. Using
such a value as an array index without cleaning up the high word will
cause pointer+offset arithmetic to produce bogus addresses. In the
worst case, the result is a segv or random memory trashing. nsk test
b4290672 demonstrates a segv.

The problem doesn't occur often (in this test it requires an int value
with the sign bit set to be used as an operand of srem; most programs
will not generate integer overflow), but when it does, essentially
untraceable errors will occur. The problem can be worked around by
modifying the offending Java source code so it doesn't produce integer
overflow.

The nsk testbase is at
/net/sqesvr.eng/export/vsn/VM/testbase/testbase_nsk.v14
The test itself is in
src/nsk/regression/b4290672
Compile and run b4290672.java with the 64-bit server VM to demonstrate
the failure.
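
A small C model of the register arithmetic described above, added here as an illustration; it is not part of the original report, not the b4290672 test, and not HotSpot code. The array base, the operand values and the helper names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* A 64-bit add on a register that holds a Java int: nothing wraps at bit 31,
   so an int overflow carries into the high word instead of being discarded. */
static uint64_t reg_add64(uint64_t reg, int32_t imm) {
    return reg + (uint64_t)(int64_t)imm;
}

/* The value Java semantics define: only the low 32 bits, two's complement. */
static int32_t java_int(uint64_t reg) {
    return (int32_t)(uint32_t)reg;
}

/* "Cleaning up the high word": sign-extend the low 32 bits to 64 bits. */
static uint64_t sign_extend32(uint64_t reg) {
    return (uint64_t)(int64_t)java_int(reg);
}

/* Address of element index_reg in an int[] whose data starts at base. */
static uint64_t elem_addr(uint64_t base, uint64_t index_reg) {
    return base + (index_reg << 2);          /* 4-byte int elements */
}

int main(void) {
    const uint64_t base = 0x10000000ULL;     /* constructed array base */
    uint64_t i = 0x7FFFFFFFULL;              /* int i = Integer.MAX_VALUE */
    i = reg_add64(i, 0x7FFFFFFF);            /* i += MAX_VALUE -> Java -2 */
    i = reg_add64(i, 5);                     /* i += 5         -> Java  3 */

    printf("register      = 0x%016llx (Java value %d)\n",
           (unsigned long long)i, java_int(i));
    printf("raw address   = 0x%016llx\n",
           (unsigned long long)elem_addr(base, i));
    printf("clean address = 0x%016llx\n",
           (unsigned long long)elem_addr(base, sign_extend32(i)));
    return 0;
}
```

The Java-visible index is 3 in both cases; only the address computed from the uncleaned register lands far outside the array.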