From 7f1341d408731876b56617250061107068cafa15 Mon Sep 17 00:00:00 2001
From: ysuenaga
Date: Fri, 11 Jan 2019 23:32:52 +0900
Subject: [PATCH] 8216486: Possibility of integer overflow in JfrThreadSampler::run()

Reviewed-by: rehn, sgehwolf
---
 .../vm/jfr/periodic/sampling/jfrThreadSampler.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp b/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp
index 9325f221e..969ce8ff6 100644
--- a/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp
+++ b/src/share/vm/jfr/periodic/sampling/jfrThreadSampler.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -499,8 +499,17 @@ void JfrThreadSampler::run() {
     jlong now_ms = get_monotonic_ms();
-    jlong next_j = java_interval + last_java_ms - now_ms;
-    jlong next_n = native_interval + last_native_ms - now_ms;
+    /*
+     * Let I be java_interval or native_interval.
+     * Let L be last_java_ms or last_native_ms.
+     * Let N be now_ms.
+     *
+     * Interval, I, might be max_jlong so the addition
+     * could potentially overflow without parenthesis (UB). Also note that
+     * L - N < 0. Avoid UB, by adding parenthesis.
+     */
+    jlong next_j = java_interval + (last_java_ms - now_ms);
+    jlong next_n = native_interval + (last_native_ms - now_ms);
     jlong sleep_to_next = MIN2(next_j, next_n);
-- 
GitLab