-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
8
-
x86_64
-
linux
FULL PRODUCT VERSION :
$ java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux slc09znj 3.8.13-118.13.3.el6uek.x86_64 #2 SMP Fri Oct 21 14:30:26 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/80280d8b40e9/src/solaris/native/sun/nio/ch/PollArrayWrapper.c contains
044 jlong start, now;
....
047 int diff;
048
049 gettimeofday(&t, NULL);
050 start = t.tv_sec * 1000 + t.tv_usec / 1000;
051
....
056 gettimeofday(&t, NULL);
057 now = t.tv_sec * 1000 + t.tv_usec / 1000;
058 diff = now - start;
where two long quantities are subtracted, but their difference is stored in an int, leading to a possible overflow.
I have not thought about whether the overflow is possible, or what the consequences would be. The easy solution is to change `diff` to be a `long` instead of an `int`.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Just look at the code.
REPRODUCIBILITY :
This bug can be reproduced rarely.
$ java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux slc09znj 3.8.13-118.13.3.el6uek.x86_64 #2 SMP Fri Oct 21 14:30:26 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/80280d8b40e9/src/solaris/native/sun/nio/ch/PollArrayWrapper.c contains
044 jlong start, now;
....
047 int diff;
048
049 gettimeofday(&t, NULL);
050 start = t.tv_sec * 1000 + t.tv_usec / 1000;
051
....
056 gettimeofday(&t, NULL);
057 now = t.tv_sec * 1000 + t.tv_usec / 1000;
058 diff = now - start;
where two long quantities are subtracted, but their difference is stored in an int, leading to a possible overflow.
I have not thought about whether the overflow is possible, or what the consequences would be. The easy solution is to change `diff` to be a `long` instead of an `int`.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Just look at the code.
REPRODUCIBILITY :
This bug can be reproduced rarely.