8152207: Perform array bound checks while getting a length of bytecod…

…e instructions Reviewed-by: sgehwolf, phh Backport-of: 68c8a74fbe25918ec50711ce10eff65afcc73b93
openjdk · Aug 13, 2024 · d4adbe3 · d4adbe3 · openjdk-notifier · Aug 13, 2024
1 parent 047b08a
commit d4adbe3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/hotspot/src/share/vm/interpreter/bytecodes.hpp b/hotspot/src/share/vm/interpreter/bytecodes.hpp
@@ -394,15 +394,16 @@ class Bytecodes: AllStatic {
   static Code       non_breakpoint_code_at(const Method* method, address bcp);
 
   // Bytecode attributes
-  static bool        is_defined     (int  code)    { return 0 <= code && code < number_of_codes && flags(code, false) != 0; }
+  static bool        is_valid       (int  code)    { return 0 <= code && code < number_of_codes; }
+  static bool        is_defined     (int  code)    { return is_valid(code) && flags(code, false) != 0; }
   static bool        wide_is_defined(int  code)    { return is_defined(code) && flags(code, true) != 0; }
   static const char* name           (Code code)    { check(code);      return _name          [code]; }
   static BasicType   result_type    (Code code)    { check(code);      return _result_type   [code]; }
   static int         depth          (Code code)    { check(code);      return _depth         [code]; }
   // Note: Length functions must return <=0 for invalid bytecodes.
   // Calling check(code) in length functions would throw an unwanted assert.
-  static int         length_for     (Code code)    { /*no check*/      return _lengths       [code] & 0xF; }
-  static int         wide_length_for(Code code)    { /*no check*/      return _lengths       [code] >> 4; }
+  static int         length_for     (Code code)    { return is_valid(code) ? _lengths[code] & 0xF : -1; }
+  static int         wide_length_for(Code code)    { return is_valid(code) ? _lengths[code]  >> 4 : -1; }
   static bool        can_trap       (Code code)    { check(code);      return has_all_flags(code, _bc_can_trap, false); }
   static Code        java_code      (Code code)    { check(code);      return _java_code     [code]; }
   static bool        can_rewrite    (Code code)    { check(code);      return has_all_flags(code, _bc_can_rewrite, false); }

diff --git a/jdk/src/share/native/common/check_code.c b/jdk/src/share/native/common/check_code.c
@@ -1731,9 +1731,14 @@ static int instruction_length(unsigned char *iptr, unsigned char *end)
             }
 
         default: {
+            if (instruction < 0 || instruction > JVM_OPC_MAX)
+                return -1;
+
             /* A length of 0 indicates an error. */
-            int length = opcode_length[instruction];
-            return (length <= 0) ? -1 : length;
+            if (opcode_length[instruction] <= 0)
+                return -1;
+
+            return opcode_length[instruction];
         }
     }
 }