src/share/vm/interpreter/bytecodeStream.hpp

changeset 8498
9edc175ff3e6
parent 4037
da91efe96a93
child 8604
04d83ba48607
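--- a/src/share/vm/interpreter/bytecodeStream.hpp	Thu Mar 24 21:38:15 2016 -0700
+++ b/src/share/vm/interpreter/bytecodeStream.hpp	Fri Apr 08 15:15:25 2016 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -149,12 +149,15 @@
     code        = Bytecodes::code_or_bp_at(bcp);
 
     // set next bytecode position
-    int l = Bytecodes::length_for(code);
-    if (l > 0 && (_bci + l) <= _end_bci) {
+    int len = Bytecodes::length_for(code);
+    if (len > 0 && (_bci <= _end_bci - len)) {
       assert(code != Bytecodes::_wide && code != Bytecodes::_tableswitch
              && code != Bytecodes::_lookupswitch, "can't be special bytecode");
       _is_wide = false;
-      _next_bci += l;
+      _next_bci += len;
+      if (_next_bci <= _bci) { // Check for integer overflow
+        code = Bytecodes::_illegal;
+      }
       _raw_code = code;
       return code;
     } else {
@@ -203,19 +206,23 @@
       // note that we cannot advance before having the
       // tty bytecode otherwise the stepping is wrong!
       // (carefull: length_for(...) must be used first!)
-      int l = Bytecodes::length_for(code);
-      if (l == 0) l = Bytecodes::length_at(_method(), bcp);
-      _next_bci  += l;
-      assert(_bci < _next_bci, "length must be > 0");
-      // set attributes
-      _is_wide      = false;
-      // check for special (uncommon) cases
-      if (code == Bytecodes::_wide) {
-        raw_code = (Bytecodes::Code)bcp[1];
-        code = raw_code;  // wide BCs are always Java-normal
-        _is_wide = true;
+      int len = Bytecodes::length_for(code);
+      if (len == 0) len = Bytecodes::length_at(_method(), bcp);
+      if (len <= 0 || (_bci > _end_bci - len) || (_bci - len >= _next_bci)) {
+        raw_code = code = Bytecodes::_illegal;
+      } else {
+        _next_bci  += len;
+        assert(_bci < _next_bci, "length must be > 0");
+        // set attributes
+        _is_wide      = false;
+        // check for special (uncommon) cases
+        if (code == Bytecodes::_wide) {
+          raw_code = (Bytecodes::Code)bcp[1];
+          code = raw_code;  // wide BCs are always Java-normal
+          _is_wide = true;
+        }
+        assert(Bytecodes::is_java_code(code), "sanity check");
       }
-      assert(Bytecodes::is_java_code(code), "sanity check");
     }
     _raw_code = raw_code;
     _code = code;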
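Review bot: The third clause of the new guard in the second hunk, `(_bci - len >= _next_bci)`, has no comment saying what it rejects, and unlike the first hunk's `// Check for integer overflow` it tests a subtraction rather than the `_next_bci += len` addition that follows; once `_bci <= _end_bci - len` holds and `_end_bci` is (presumably) a non-negative code size, `_bci + len` cannot exceed `_end_bci`, so it is not obvious from the hunk which malformed input this clause catches. I would add a comment naming the case it guards, e.g. `// reject a negative/wrapped _bci or a stream whose _next_bci already ran ahead`, or restate it as a pre-addition overflow check in the same form as the first hunk. The first hunk's check `if (_next_bci <= _bci)` runs after the addition and so relies on signed wraparound, which the compiler is free to treat as undefined; comparing `len` against the headroom below the maximum int before adding avoids that. The `_illegal` branch also leaves `_is_wide` and `_next_bci` untouched, which looks intentional for a stream that is expected to stop at an illegal code, but a one-line comment stating that would save the next reader the question. The enclosing function starts and ends outside the hunk.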
