From 91c5ad3aa8b037457b344d36610ad24599cd1cc3 Mon Sep 17 00:00:00 2001
From: kamg
Date: Mon, 4 Jun 2012 10:22:37 -0400
Subject: [PATCH] 7166498: JVM crash in ClassVerifier

Summary: Fixed raw pointer being used after potential safepoint/GC
Reviewed-by: acorn, fparain, dholmes

---
 src/share/vm/classfile/verifier.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/share/vm/classfile/verifier.cpp b/src/share/vm/classfile/verifier.cpp
index 9ab47f7b6..7b5932a54 100644
--- a/src/share/vm/classfile/verifier.cpp
+++ b/src/share/vm/classfile/verifier.cpp
@@ -1738,10 +1738,14 @@ void ClassVerifier::verify_switch(
 int target = bci + default_offset;
 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
 for (int i = 0; i < keys; i++) {
+ // Because check_jump_target() may safepoint, the bytecode could have
+ // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
+ aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
 stackmap_table->check_jump_target(
 current_frame, target, CHECK_VERIFY(this));
 }
+ NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
 }

 bool ClassVerifier::name_in_supers(
--
GitLab
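Review bot: Recomputing `aligned_bcp` from `bcs->bcp()` at the top of each loop iteration covers every read in this hunk, but the invariant it relies on — any pointer derived from the bytecode address is dead after a call that may safepoint — is stated only in a comment inside the loop, while verify_switch begins outside this hunk and presumably derives `aligned_bcp` (and possibly an unaligned `bcp` local) from `bcs->bcp()` up there; if such a local survives the first `check_jump_target()` call before the loop, it is stale in exactly the same way and is not poisoned by the added `NOT_PRODUCT(aligned_bcp = NULL)`. The poisoning also only fires in debug builds, so a later product-build read would still be a silent use of a moved buffer. I would state the rule once where the pointer is first derived, e.g. `// NOTE: any pointer computed from bcs->bcp() is invalid after a call that may safepoint (e.g. check_jump_target()); recompute it before each use.`, and extend the NOT_PRODUCT poisoning to any other bcp-derived local still in scope after the loop, if one exists.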