
src/java.base/unix/native/libnio/MappedByteBuffer.c

rev 17651 : 8186665: [aix] buffer overflow in Java_java_nio_MappedByteBuffer_isLoaded0
Reviewed-by:

@@ -26,34 +26,67 @@
 #include "jni.h"
 #include "jni_util.h"
 #include "jvm.h"
 #include "jlong.h"
 #include "java_nio_MappedByteBuffer.h"
+#include <assert.h>
 #include <sys/mman.h>
 #include <stddef.h>
 #include <stdlib.h>
 
+#ifdef _AIX
+#include <unistd.h>
+#endif
+
+
+#ifdef _AIX
+static long calculate_number_of_pages_in_range(void* address, size_t len, size_t pagesize) {
+    uintptr_t address_unaligned = (uintptr_t) address;
+    uintptr_t address_aligned = address_unaligned & (~(pagesize - 1));
+    size_t len2 = len + (address_unaligned - address_aligned);
+    long numPages = (len2 + pagesize - 1) / pagesize;
+    return len2 + pagesize - 1 / pagesize;
+}
+#endif
+
+/* Output type for mincore(2) */
+#ifdef __linux__
+typedef unsigned char mincore_vec_t;
+#else
+typedef char mincore_vec_t;
+#endif
+
 JNIEXPORT jboolean JNICALL
 Java_java_nio_MappedByteBuffer_isLoaded0(JNIEnv *env, jobject obj, jlong address,
                                          jlong len, jint numPages)
 {
     jboolean loaded = JNI_TRUE;
     int result = 0;
     int i = 0;
     void *a = (void *) jlong_to_ptr(address);
-#ifdef __linux__
-    unsigned char *vec = (unsigned char *)malloc(numPages * sizeof(char));
-#else
-    char *vec = (char *)malloc(numPages * sizeof(char));
+    mincore_vec_t* vec = NULL;
+
+#ifdef _AIX
+    /* See JDK-8186665 */
+    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
+    if ((long)pagesize == -1) {
+      return JNI_FALSE;
+    }
+    numPages = (jint) calculate_number_of_pages_in_range(a, len, pagesize);
 #endif
 
+    vec = (mincore_vec_t*) malloc(numPages + 1);
+
     if (vec == NULL) {
         JNU_ThrowOutOfMemoryError(env, NULL);
         return JNI_FALSE;
     }
 
+    vec[numPages] = '\x7f'; /* Sentinel */
     result = mincore(a, (size_t)len, vec);
+    assert(vec[numPages] == '\x7f');
+
     if (result == -1) {
         JNU_ThrowIOExceptionWithLastError(env, "mincore failed");
         free(vec);
         return JNI_FALSE;
     }
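Review bot: The return statement in `calculate_number_of_pages_in_range` does not return the page count computed on the line above it: `len2 + pagesize - 1 / pagesize` parses as `len2 + pagesize - (1 / pagesize)`, which for any page size above 1 is `len2 + pagesize`, a byte count rather than a page count, and `numPages` is left unused. It should be `return numPages;`. On AIX the returned value is then narrowed with `(jint)` and used both for `malloc(numPages + 1)` and as the index of the sentinel store `vec[numPages] = '\x7f'`, so for a large mapping the narrowed value may wrap or go negative and put that store outside the allocation; a range check before the cast would cover this. The `assert` on the sentinel is presumably compiled out when NDEBUG is defined, so it would flag an overrun only in debug builds. The body of `Java_java_nio_MappedByteBuffer_isLoaded0` continues past the end of this hunk.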