Fri, 11 Jan 2019 23:32:52 +0900
8216486: Possibility of integer overflow in JfrThreadSampler::run()
Reviewed-by: rehn, sgehwolf
src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp
1.1 --- a/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp Thu Dec 13 14:36:54 2018 +0100 1.2 +++ b/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp Fri Jan 11 23:32:52 2019 +0900 1.3 @@ -1,5 +1,5 @@ 1.4 /* 1.5 - * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. 1.6 + * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. 1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.8 * 1.9 * This code is free software; you can redistribute it and/or modify it 1.10 @@ -499,8 +499,17 @@ 1.11 1.12 jlong now_ms = get_monotonic_ms(); 1.13 1.14 - jlong next_j = java_interval + last_java_ms - now_ms; 1.15 - jlong next_n = native_interval + last_native_ms - now_ms; 1.16 + /* 1.17 + * Let I be java_interval or native_interval. 1.18 + * Let L be last_java_ms or last_native_ms. 1.19 + * Let N be now_ms. 1.20 + * 1.21 + * Interval, I, might be max_jlong so the addition 1.22 + * could potentially overflow without parenthesis (UB). Also note that 1.23 + * L - N < 0. Avoid UB, by adding parenthesis. 1.24 + */ 1.25 + jlong next_j = java_interval + (last_java_ms - now_ms); 1.26 + jlong next_n = native_interval + (last_native_ms - now_ms); 1.27 1.28 jlong sleep_to_next = MIN2<jlong>(next_j, next_n); 1.29
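Review bot: in the second hunk (around line 499), the new comment says "L - N < 0", but last_java_ms / last_native_ms can equal now_ms (a sample taken in the same millisecond), so the invariant is L - N <= 0; since the whole argument that `java_interval + (last_java_ms - now_ms)` cannot exceed max_jlong rests on that difference being non-positive and on the intervals themselves being non-negative, the comment should state both preconditions, and an `assert(last_java_ms <= now_ms, "invariant")` (and the same for native) next to the computation would make the reasoning checkable rather than assumed. Minor wording in the same comment: "parenthesis" should be "parentheses" in both places, and "Avoid UB, by adding parenthesis." has a stray comma. The first hunk (copyright year bump) needs no comment.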