diff options
| author | ralph <ralph@138bc75d-0d04-0410-961f-82ee72b054a4> | 2003-10-16 21:19:53 +0000 |
|---|---|---|
| committer | ralph <ralph@138bc75d-0d04-0410-961f-82ee72b054a4> | 2003-10-16 21:19:53 +0000 |
| commit | 566cfa76991b51e1fbac20cc23def73f3f8c5366 (patch) | |
| tree | 5eb019a86e608ffec1700a4faa313de2a574966e /libjava | |
| parent | a0a4226a8599e38a66023813b78fc47a7c7b61c7 (diff) | |
| download | gcc-566cfa76991b51e1fbac20cc23def73f3f8c5366.tar.gz | |
* prims.cc (_Jv_NewObjectArray): Make sure byte size doesn't
overflow a jint.
(_Jv_NewPrimArray): Check for overflowing a jint, replacing a
check for overflowing size_t, since the lower level functions
take a jint.
* testsuite/libjava.lang/newarray_overflow.java: New file.
* testsuite/libjava.lang/newarray_overflow.out: New file.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@72577 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava')
| -rw-r--r-- | libjava/ChangeLog | 10 | ||||
| -rw-r--r-- | libjava/prims.cc | 13 | ||||
| -rw-r--r-- | libjava/testsuite/libjava.lang/newarray_overflow.java | 88 | ||||
| -rw-r--r-- | libjava/testsuite/libjava.lang/newarray_overflow.out | 1 |
4 files changed, 109 insertions, 3 deletions
diff --git a/libjava/ChangeLog b/libjava/ChangeLog index 5715231caf7..b34b427c6d8 100644 --- a/libjava/ChangeLog +++ b/libjava/ChangeLog @@ -1,3 +1,13 @@ +2003-10-17 Ralph Loader <rcl@ihug.co.nz> + + * prims.cc (_Jv_NewObjectArray): Make sure byte size doesn't + overflow a jint. + (_Jv_NewPrimArray): Check for overflowing a jint, replacing a + check for overflowing size_t, since the lower level functions + take a jint. + * testsuite/libjava.lang/newarray_overflow.java: New file. + * testsuite/libjava.lang/newarray_overflow.out: New file. + 2003-10-15 Michael Koch <konqueror@gmx.de> * java/text/RuleBasedCollator.java diff --git a/libjava/prims.cc b/libjava/prims.cc index 71cd8c3ece0..26e88329ed5 100644 --- a/libjava/prims.cc +++ b/libjava/prims.cc @@ -70,8 +70,10 @@ details. */ // around for use if we run out of memory. static java::lang::OutOfMemoryError *no_memory; -// Largest representable size_t. -#define SIZE_T_MAX ((size_t) (~ (size_t) 0)) +// Number of bytes in largest array object we create. This could be +// increased to the largest size_t value, so long as the appropriate +// functions are changed to take a size_t argument instead of jint. +#define MAX_OBJECT_SIZE ((1<<31) - 1) static const char *no_properties[] = { NULL }; @@ -481,6 +483,11 @@ _Jv_NewObjectArray (jsize count, jclass elementClass, jobject init) // Ensure that elements pointer is properly aligned. jobjectArray obj = NULL; size_t size = (size_t) elements (obj); + // Check for overflow. + if (__builtin_expect ((size_t) count > + (MAX_OBJECT_SIZE - 1 - size) / sizeof (jobject), false)) + throw no_memory; + size += count * sizeof (jobject); jclass klass = _Jv_GetArrayClass (elementClass, @@ -516,7 +523,7 @@ _Jv_NewPrimArray (jclass eltype, jint count) // Check for overflow. if (__builtin_expect ((size_t) count > - (SIZE_T_MAX - size) / elsize, false)) + (MAX_OBJECT_SIZE - size) / elsize, false)) throw no_memory; jclass klass = _Jv_GetArrayClass (eltype, 0); diff --git a/libjava/testsuite/libjava.lang/newarray_overflow.java b/libjava/testsuite/libjava.lang/newarray_overflow.java new file mode 100644 index 00000000000..17370b5374e --- /dev/null +++ b/libjava/testsuite/libjava.lang/newarray_overflow.java @@ -0,0 +1,88 @@ +/* This test checks for two slightly different overflow scenarios in + * array allocation. + * + * The first is that the number of bytes needed for an array size + * overflows on a 32 bit machine. + * + * The second is that on a 64 machine, the number of bytes silently + * gets truncated, resulting in too small an object being + * allocated. */ + +class newarray_overflow +{ + static boolean failed = false; + + static void int_check() + { + int[] x; + try + { + x = new int [1 << 30]; + } + catch (OutOfMemoryError e) + { + return; + } + /* If we really get away with it (64 bit machine), that's cool. */ + if (x == null) { + System.err.println ("int check: new returned null."); + failed = true; + return; + } + try + { + // Only check a few places so we don't thrash too badly. + for (int i = 0; i < x.length; i += (1 << 24)) + if (x[i] != 0) + failed = true; + } + catch (Throwable e) + { + System.err.print ("int check: "); + System.err.println (e); + failed = true; + } + } + + static void object_check() + { + Object[] x; + try + { + x = new Object [1 << 30]; + System.err.println ("Alloc succeeded."); + System.err.println (x); + } + catch (OutOfMemoryError e) + { + return; + } + /* If we really get away with it (64 bit machine), that's cool. */ + if (x == null) { + System.err.println ("Object check: new returned null."); + failed = true; + return; + } + try + { + for (int i = 0; i < x.length; i += (1 << 24)) + if (x[i] != null) + failed = true; + } + catch (Throwable e) + { + System.err.print ("Object check: "); + System.err.println (e); + failed = true; + } + } + + public static void main (String[] ignore) + { + int_check(); + object_check(); + + if (!failed) + System.out.println ("ok"); + } +} diff --git a/libjava/testsuite/libjava.lang/newarray_overflow.out b/libjava/testsuite/libjava.lang/newarray_overflow.out new file mode 100644 index 00000000000..9766475a418 --- /dev/null +++ b/libjava/testsuite/libjava.lang/newarray_overflow.out @@ -0,0 +1 @@ +ok |