From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <java-patches-return-20772-listarch-java-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 19717 invoked by alias); 28 Mar 2014 17:39:01 -0000
Mailing-List: contact java-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <java-patches.gcc.gnu.org>
List-Subscribe: <mailto:java-patches-subscribe@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/java-patches/>
List-Post: <mailto:java-patches@gcc.gnu.org>
List-Help: <mailto:java-patches-help@gcc.gnu.org>, <http://gcc.gnu.org/ml/#faqs>
Sender: java-patches-owner@gcc.gnu.org
Received: (qmail 19651 invoked by uid 89); 28 Mar 2014 17:39:00 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.2 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-Spam-User: qpsmtpd, 2 recipients
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 28 Mar 2014 17:38:59 +0000
Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25])	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2SHcwDF002698	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);	Fri, 28 Mar 2014 13:38:58 -0400
Received: from zebedee.pink (ovpn-113-62.phx2.redhat.com [10.3.113.62])	by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s2SHcuEU016853;	Fri, 28 Mar 2014 13:38:57 -0400
Message-ID: <5335B3B0.9010701@redhat.com>
Date: Fri, 28 Mar 2014 17:39:00 -0000
From: Andrew Haley <aph@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: GCC Patches <gcc-patches@gcc.gnu.org>,        GCJ-patches <java-patches@gcc.gnu.org>
CC: Jakub Jelinek <jakub@redhat.com>
Subject: UBSan fix: avoid undefined behaviour in bitmask
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2014-q1/txt/msg00007.txt.bz2

UBSan detected that we were trying to set a non-existent bit in a mask.

I don't think it has mattered before now because when this happens the
value in the mask is not used.  However, better safe than sorry.

Andrew.


2014-03-28  Andrew Haley  <aph@redhat.com>

        * boehm.c (mark_reference_fields): Avoid unsigned integer overflow
        when calculating an index into a bitmap descriptor.

Index: gcc/java/boehm.c
===================================================================
--- gcc/java/boehm.c    (revision 208839)
+++ gcc/java/boehm.c    (working copy)
@@ -107,7 +107,11 @@
             bits for all words in the record. This is conservative, but the
             size_words != 1 case is impossible in regular java code. */
          for (i = 0; i < size_words; ++i)
-           *mask = (*mask).set_bit (ubit - count - i - 1);
+           {
+             int bitpos = ubit - count - i - 1;
+             if (bitpos >= 0)
+               *mask = (*mask).set_bit (bitpos);
+           }

          if (count >= ubit - 2)
            *pointer_after_end = 1;