Thu, 15 Apr 2010 15:52:55 -0700
6943926: G1: Integer overflow during heap region verification
Summary: The expression that calculates the live bytes for a heap region can overflow for a suitably large humongous region/object. Cache the object size in a suitably sized local variable so that the expression is converted to a wider type.
Reviewed-by: tonyp, jmasa, iveresov, apetrusenko
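The summary above describes a narrow-integer product being widened only after it has already wrapped. The following C++ example, added here and not taken from the HotSpot sources, reproduces that failure mode and the fix side by side. `FakeOop`, `HeapWordSize = 8` (a 64-bit VM) and the two `live_bytes_*` functions are constructed stand-ins for `oopDesc::size()`, the real constant and the verification closure in the patch; the sample region of objects is made up. Because signed overflow is undefined behaviour in C++, the pre-fix arithmetic is emulated with unsigned modular multiplication and a narrowing cast, which is what the generated code does on mainstream targets, so the wrap-around is deterministic.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for HotSpot's HeapWordSize on a 64-bit VM: 8 bytes per heap word.
static const int HeapWordSize = 8;

// Constructed stand-in for oopDesc: size() returns the object size in heap words as a
// 32-bit int, which is the narrow type the old expression multiplied in.
struct FakeOop {
  int32_t words;
  int32_t size() const { return words; }
};

// Emulates the pre-fix accumulation `_live_bytes += (o->size() * HeapWordSize)`.
// int * int is evaluated in 32 bits; the wrapped (possibly negative) result is only
// then converted to size_t, which sign-extends it into a huge value.
static size_t live_bytes_before_fix(const std::vector<FakeOop>& region) {
  size_t live_bytes = 0;
  for (const FakeOop& o : region) {
    // Unsigned multiply so the wrap-around is well defined in this demonstration.
    uint32_t narrow = static_cast<uint32_t>(o.size()) * static_cast<uint32_t>(HeapWordSize);
    int32_t wrapped = static_cast<int32_t>(narrow);   // negative once the product exceeds INT32_MAX
    live_bytes += wrapped;                             // int -> size_t conversion of a negative value
  }
  return live_bytes;
}

// Mirrors the patched code: cache the word count in a size_t first so that the
// multiplication itself happens in the wide type.
static size_t live_bytes_after_fix(const std::vector<FakeOop>& region) {
  size_t live_bytes = 0;
  for (const FakeOop& o : region) {
    size_t obj_size = o.size();             // widen before multiplying
    live_bytes += obj_size * HeapWordSize;  // size_t * int -> size_t
  }
  return live_bytes;
}

// Smallest word count at which int * HeapWordSize no longer fits in a 32-bit int.
static int32_t smallest_overflowing_size_words() {
  return INT32_MAX / HeapWordSize + 1;   // 268435456 words == 2 GiB
}

// Constructed sample region: one humongous object of 300,000,000 words (2.4 GB)
// followed by a small 3-word object.
static std::vector<FakeOop> constructed_region() {
  return { FakeOop{300000000}, FakeOop{3} };
}

int main() {
  std::vector<FakeOop> region = constructed_region();
  std::printf("overflow starts at %d words\n", smallest_overflowing_size_words());
  std::printf("before fix: %zu bytes\n", live_bytes_before_fix(region));
  std::printf("after fix:  %zu bytes\n", live_bytes_after_fix(region));
  return 0;
}
```

The pre-fix path reports a live-byte count near 2^64 for a region that really holds 2,400,000,024 bytes, which is the kind of bogus figure a heap-region verification check would then compare against the region's actual size. Note that the cure is the order of operations, not the local variable itself: `(size_t) o->size() * HeapWordSize` would work equally well, whereas `(size_t) (o->size() * HeapWordSize)` would not.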
src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
1.1 --- a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Tue Mar 30 15:43:03 2010 -0400 1.2 +++ b/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Thu Apr 15 15:52:55 2010 -0700 1.3 @@ -2194,8 +2194,10 @@ 1.4 assert(o != NULL, "Huh?"); 1.5 if (!_g1h->is_obj_dead_cond(o, _use_prev_marking)) { 1.6 o->oop_iterate(&isLive); 1.7 - if (!_hr->obj_allocated_since_prev_marking(o)) 1.8 - _live_bytes += (o->size() * HeapWordSize); 1.9 + if (!_hr->obj_allocated_since_prev_marking(o)) { 1.10 + size_t obj_size = o->size(); // Make sure we don't overflow 1.11 + _live_bytes += (obj_size * HeapWordSize); 1.12 + } 1.13 } 1.14 } 1.15 size_t live_bytes() { return _live_bytes; }
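Review bot: on the new line `size_t obj_size = o->size(); // Make sure we don't overflow`, the comment names the symptom but not the cause, and the summary is the only place that explains that `o->size()` is narrower than `size_t` and that the old `o->size() * HeapWordSize` product wrapped before being widened on assignment to `_live_bytes`. Say so at the site, e.g. `// o->size() is narrower than size_t: widen before multiplying by HeapWordSize`, so the next reader does not fold the local back into the inline product. `(size_t) o->size() * HeapWordSize` would carry the same intent without the extra local, if the brace change is to be kept minimal. The hunk only touches the verification closure at line 2194; it would be worth checking the file for other `size() * HeapWordSize` accumulations into a wide counter.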