/ jdk15u-dev Public archive

Commit ea36dfe

committedNov 30, 2022
8296496: Overzealous check in sizecalc.h prevents large memory allocation
Backport-of: 84e12244a4ff82b3307a5ffe6fbe9dded7b08d86
1 parent 130d34d commit ea36dfe


1 file changed

+7
-11
lines changed
 

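--- a/src/java.desktop/share/native/common/awt/utility/sizecalc.h
+++ b/src/java.desktop/share/native/common/awt/utility/sizecalc.h
@@ -46,13 +46,9 @@
 
 #define IS_SAFE_SIZE_T(x) ((x) >= 0 && (unsigned long long)(x) <= SIZE_MAX)
 
-#define IS_MUL_OVERFLOW(m, n) \
-((m) != 0 && (n) != 0 && (((size_t)((m)*(n))) != (((size_t)(m)) * ((size_t)(n)))))
-
 #define IS_SAFE_SIZE_MUL(m, n) \
 (IS_SAFE_SIZE_T(m) && IS_SAFE_SIZE_T(n) && \
-((m) == 0 || (n) == 0 || (size_t)(n) <= (SIZE_MAX / (size_t)(m))) && \
-!IS_MUL_OVERFLOW(m, n))
+((m) == 0 || (n) == 0 || (size_t)(n) <= (SIZE_MAX / (size_t)(m))))
 
 #define IS_SAFE_SIZE_ADD(a, b) \
 (IS_SAFE_SIZE_T(a) && IS_SAFE_SIZE_T(b) && (size_t)(b) <= (SIZE_MAX - (size_t)(a)))
@@ -75,10 +71,10 @@
 * // Use the allocated array...
 */
 #define SAFE_SIZE_ARRAY_ALLOC(func, m, n) \
-(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((m) * (n))) : FAILURE_RESULT)
+(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((size_t)(m) * (size_t)(n))) : FAILURE_RESULT)
 
 #define SAFE_SIZE_ARRAY_REALLOC(func, p, m, n) \
-(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((p), (m) * (n))) : FAILURE_RESULT)
+(IS_SAFE_SIZE_MUL((m), (n)) ? ((func)((p), (size_t)(m) * (size_t)(n))) : FAILURE_RESULT)
 
 /*
 * A helper macro to safely allocate an array of type 'type' with 'n' items
@@ -92,19 +88,19 @@
 * IS_SAFE_... macros to check if the calculations are safe.
 */
 #define SAFE_SIZE_NEW_ARRAY(type, n) \
-(IS_SAFE_SIZE_MUL(sizeof(type), (n)) ? (new type[(n)]) : throw std::bad_alloc())
+(IS_SAFE_SIZE_MUL(sizeof(type), (n)) ? (new type[(size_t)(n)]) : throw std::bad_alloc())
 
 #define SAFE_SIZE_NEW_ARRAY2(type, n, m) \
 (IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_MUL(sizeof(type), (n) * (m)) ? \
-(new type[(n) * (m)]) : throw std::bad_alloc())
+(new type[(size_t)(n) * (size_t)(m)]) : throw std::bad_alloc())
 
 /*
 * Checks if a data structure of size (a + m*n) can be safely allocated
 * w/o producing an integer overflow when calculating its size.
 */
 #define IS_SAFE_STRUCT_SIZE(a, m, n) \
 ( \
-IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_ADD((m) * (n), (a)) \
+IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_ADD((size_t)(m) * (size_t)(n), (a)) \
 )
 
 /*
@@ -116,7 +112,7 @@
 * // Use the allocated memory...
 */
 #define SAFE_SIZE_STRUCT_ALLOC(func, a, m, n) \
-(IS_SAFE_STRUCT_SIZE((a), (m), (n)) ? ((func)((a) + (m) * (n))) : FAILURE_RESULT)
+(IS_SAFE_STRUCT_SIZE((a), (m), (n)) ? ((func)((size_t)(a) + (size_t)(m) * (size_t)(n))) : FAILURE_RESULT)
 
 
 #endif /* SIZECALC_H */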
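Review bot: In `SAFE_SIZE_NEW_ARRAY2` the second check still passes `(n) * (m)` uncast to `IS_SAFE_SIZE_MUL`, so that product is computed in the arguments' own type while the `new type[...]` on the following line now multiplies in `size_t`. If callers pass `int` dimensions (not visible on this page), a product above `INT_MAX` is signed overflow: a negative wrap rejects an allocation the first check already approved, and a positive wrap lets the `sizeof(type)` check run against a smaller element count than the one actually allocated. `IS_SAFE_STRUCT_SIZE` received the cast in this same commit, and the check line should match it: `(IS_SAFE_SIZE_MUL((m), (n)) && IS_SAFE_SIZE_MUL(sizeof(type), (size_t)(n) * (size_t)(m)) ? \`. Because `&&` short-circuits, the cast product is only evaluated after the first check has established that it fits in `SIZE_MAX`.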

1 commit comments

Comments
 (1)

openjdk-notifier[bot] commented on Nov 30, 2022

@openjdk-notifier[bot]
This repository has been archived.