From dc3701634e66e8d5544c307d45a0b64fcce4d7fc Mon Sep 17 00:00:00 2001
From: johnc
Date: Thu, 15 Apr 2010 15:52:55 -0700
Subject: [PATCH] 6943926: G1: Integer overflow during heap region verification
Summary: The expression that calculates the live bytes for a heap region can overflow for a suitably large humongous region/object. Cache the object size in a suitably sized local variable so that the expression is converted to a wider type.
Reviewed-by: tonyp, jmasa, iveresov, apetrusenko
---
 src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp b/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
index 1b56eae52..5f1948108 100644
--- a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
+++ b/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
@@ -2194,8 +2194,10 @@ public:
 assert(o != NULL, "Huh?");
 if (!_g1h->is_obj_dead_cond(o, _use_prev_marking)) {
 o->oop_iterate(&isLive);
- if (!_hr->obj_allocated_since_prev_marking(o))
- _live_bytes += (o->size() * HeapWordSize);
+ if (!_hr->obj_allocated_since_prev_marking(o)) {
+ size_t obj_size = o->size(); // Make sure we don't overflow
+ _live_bytes += (obj_size * HeapWordSize);
+ }
 }
 }
 size_t live_bytes() { return _live_bytes; }
--
GitLab
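Review bot: The comment on the new `size_t obj_size = o->size();` line says only "Make sure we don't overflow", which does not tell a later maintainer why a plain local variable prevents anything, and invites someone to "simplify" it back into the one-line form that the commit message says overflowed. The protection comes entirely from the local's type: the multiply by `HeapWordSize` is now evaluated in `size_t` rather than in the narrower type `o->size()` appears to return (the commit message only says "a wider type", so the exact source type is inferred), and the product can exceed what that narrower type holds for a large humongous object. Suggest spelling that out, e.g. `size_t obj_size = o->size(); // widen before multiplying: size() * HeapWordSize overflows its narrower type for large humongous objects`, so the invariant is tied to the declaration that enforces it. The enclosing method and its class begin outside the hunk, so there may be sibling live-byte computations with the same pattern that this commit does not touch.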