Thu, 03 Dec 2009 14:20:22 -0800
6892265: System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes
Summary: Use size_t type cast to widen int values in typeArrayKlass::copy_array().
Reviewed-by: never, jcoomes
src/share/vm/oops/typeArrayKlass.cpp | file | annotate | diff | comparison | revisions | |
test/compiler/6892265/Test.java | file | annotate | diff | comparison | revisions |
1.1 --- a/src/share/vm/oops/typeArrayKlass.cpp Thu Nov 12 15:35:38 2009 -0800 1.2 +++ b/src/share/vm/oops/typeArrayKlass.cpp Thu Dec 03 14:20:22 2009 -0800 1.3 @@ -123,16 +123,16 @@ 1.4 || (((unsigned int) length + (unsigned int) dst_pos) > (unsigned int) d->length()) ) { 1.5 THROW(vmSymbols::java_lang_ArrayIndexOutOfBoundsException()); 1.6 } 1.7 + // Check zero copy 1.8 + if (length == 0) 1.9 + return; 1.10 1.11 // This is an attempt to make the copy_array fast. 1.12 - // NB: memmove takes care of overlapping memory segments. 1.13 - // Potential problem: memmove is not guaranteed to be word atomic 1.14 - // Revisit in Merlin 1.15 int l2es = log2_element_size(); 1.16 int ihs = array_header_in_bytes() / wordSize; 1.17 - char* src = (char*) ((oop*)s + ihs) + (src_pos << l2es); 1.18 - char* dst = (char*) ((oop*)d + ihs) + (dst_pos << l2es); 1.19 - memmove(dst, src, length << l2es); 1.20 + char* src = (char*) ((oop*)s + ihs) + ((size_t)src_pos << l2es); 1.21 + char* dst = (char*) ((oop*)d + ihs) + ((size_t)dst_pos << l2es); 1.22 + Copy::conjoint_memory_atomic(src, dst, (size_t)length << l2es); 1.23 } 1.24 1.25
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/test/compiler/6892265/Test.java Thu Dec 03 14:20:22 2009 -0800 2.3 @@ -0,0 +1,65 @@ 2.4 +/* 2.5 + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. 2.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 2.7 + * 2.8 + * This code is free software; you can redistribute it and/or modify it 2.9 + * under the terms of the GNU General Public License version 2 only, as 2.10 + * published by the Free Software Foundation. 2.11 + * 2.12 + * This code is distributed in the hope that it will be useful, but WITHOUT 2.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 2.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 2.15 + * version 2 for more details (a copy is included in the LICENSE file that 2.16 + * accompanied this code). 2.17 + * 2.18 + * You should have received a copy of the GNU General Public License version 2.19 + * 2 along with this work; if not, write to the Free Software Foundation, 2.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2.21 + * 2.22 + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 2.23 + * CA 95054 USA or visit www.sun.com if you need additional information or 2.24 + * have any questions. 2.25 + * 2.26 + */ 2.27 + 2.28 +/** 2.29 + * @test 2.30 + * @bug 6892265 2.31 + * @summary System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes 2.32 + * 2.33 + * @run main/othervm Test 2.34 + */ 2.35 + 2.36 +public class Test { 2.37 + static final int NCOPY = 1; 2.38 + static final int OVERFLOW = 1; 2.39 + static int[] src2 = new int[NCOPY]; 2.40 + static int[] dst2; 2.41 + 2.42 + static void test() { 2.43 + int N; 2.44 + int SIZE; 2.45 + 2.46 + N = Integer.MAX_VALUE/4 + OVERFLOW; 2.47 + System.arraycopy(src2, 0, dst2, N, NCOPY); 2.48 + System.arraycopy(dst2, N, src2, 0, NCOPY); 2.49 + } 2.50 + 2.51 + public static void main(String[] args) { 2.52 + try { 2.53 + dst2 = new int[NCOPY + Integer.MAX_VALUE/4 + OVERFLOW]; 2.54 + } catch (OutOfMemoryError e) { 2.55 + System.exit(95); // Not enough memory 2.56 + } 2.57 + System.out.println("warmup"); 2.58 + for (int i=0; i <11000; i++) { 2.59 + test(); 2.60 + } 2.61 + System.out.println("start"); 2.62 + for (int i=0; i <1000; i++) { 2.63 + test(); 2.64 + } 2.65 + System.out.println("finish"); 2.66 + } 2.67 + 2.68 +}