Possible integer overflow in LIRGenerator::generate_address on SPARC and other platforms

Vladimir Kozlov vladimir.kozlov at oracle.com
Wed Sep 14 18:11:28 UTC 2016

CC to group since I am not familiar with C1.

On SPARC generate_address() is called only from

   LIR_Address* generate_address(LIR_Opr base, int disp, BasicType type) {
     return generate_address(base, LIR_OprFact::illegalOpr, 0, disp, type);

So it is not an issue. But I agree with you in general.

On x86 LIRGenerator::emit_array_address() may have this problem.

The only explanation I see for why we did not hit it is that the Interpreter may be more careful about checking it and throws an exception.

It could be that C1 checks these values somewhere else.


On 9/6/16 9:21 AM, Doerr, Martin wrote:
> Hi Vladimir,
> I was wondering about the following code in LIRGenerator::generate_address in c1_LIRGenerator_sparc.cpp (and some other platforms):
> if (index->is_constant()) {
>      disp += index->as_constant_ptr()->as_jint() << shift;
> It’s fine to compute the constant in general, but disp is an int!
> Seems like the only user of this function which uses an index is Unsafe put/get where nobody has noticed it yet.
> Do you think we have to fix this in 9?
> I can open a bug if you like.
> Best regards,
> Martin

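The arithmetic problem Martin points at in the quoted code, shown as an added example that is not HotSpot's code: the expression `disp += index->as_constant_ptr()->as_jint() << shift;` scales a 32-bit constant index and adds it into a 32-bit `disp`, so the scaled index alone can exceed what an `int` holds once `index * 2^shift >= 2^31`. The helpers below (`wide_disp`, `wrapped_disp`, `checked_disp`) and the sample index/shift values are hypothetical names and constructed inputs chosen to illustrate the wrap, not anything taken from C1; `wrapped_disp` uses unsigned arithmetic to reproduce two's-complement wrap-around without invoking signed-overflow undefined behaviour.

```cpp
#include <cstdint>
#include <cstdio>
#include <climits>

// True displacement, computed in 64 bits so the overflow is observable.
// Mirrors the shape of   disp += jint_index << shift   from the quoted code.
// (Multiplication instead of a shift so negative indices are well-defined.)
int64_t wide_disp(int32_t disp, int32_t index, int shift) {
    return (int64_t)disp + (int64_t)index * ((int64_t)1 << shift);
}

// What a 32-bit "disp += index << shift" yields after wrap-around.
// Unsigned arithmetic gives the same bit pattern as the wrapped signed result
// on two's-complement targets without undefined behaviour in the example itself.
int32_t wrapped_disp(int32_t disp, int32_t index, int shift) {
    uint32_t scaled = (uint32_t)index << shift;
    return (int32_t)((uint32_t)disp + scaled);
}

// Hardened variant (hypothetical): compute in 64 bits and refuse to narrow
// when the result does not fit an int32. Returns false on overflow or on an
// out-of-range shift; writes the displacement to *out only on success.
bool checked_disp(int32_t disp, int32_t index, int shift, int32_t* out) {
    if (shift < 0 || shift > 31) return false;
    int64_t wide = wide_disp(disp, index, shift);
    if (wide < INT32_MIN || wide > INT32_MAX) return false;
    *out = (int32_t)wide;
    return true;
}

int main() {
    // Constructed inputs: a small base displacement, a large constant index,
    // and shift 3 (an 8-byte element scale).
    const int32_t disp  = 16;
    const int32_t index = 0x20000000;   // 2^29; scaled by 8 it is exactly 2^32
    const int shift     = 3;

    int32_t narrow = 0;
    bool ok = checked_disp(disp, index, shift, &narrow);

    std::printf("true displacement   : %lld\n", (long long)wide_disp(disp, index, shift));
    std::printf("32-bit wrapped value: %d\n", wrapped_disp(disp, index, shift));
    std::printf("checked_disp ok     : %s\n", ok ? "true" : "false");
    return 0;
}
```

With the constructed values the scaled index is 2^32, so the 32-bit result wraps back to the bare base displacement (16), i.e. the address computation silently drops the whole index contribution; the checked variant reports failure instead of producing that address.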
More information about the hotspot-compiler-dev mailing list