Request for reviews (XS): 7047069: Array can dynamically change size when assigned to an object field
vladimir.kozlov at oracle.com
Fri May 27 11:51:23 PDT 2011
Fixed 7047069: Array can dynamically change size when assigned to an object field
I lost my faith in our testing :( This broken code was there for more then 3
years and nobody hit it?
The initialization of a newly-allocated array with arraycopy is broken when src
and dest offsets are not constants. The typo in the code convert not constant
offsets to constant 8: 12 + (-1)*4. So we generates copy from offset 8 which is
array length and overwrite it and the rest of the beginning of the array.
Added regression test.
More information about the hotspot-compiler-dev