6943926: G1: Integer overflow during heap region verification

Summary: The expression that calculates the live bytes for a heap region can overflow for a suitably large humongous region/object. Cache the object size in a suitably sized local variable so that the expression is converted to a wider type. Reviewed-by: tonyp, jmasa, iveresov, apetrusenko

6943926: G1: Integer overflow during heap region verification
Summary: The expression that calculates the live bytes for a heap region can overflow for a suitably large humongous region/object. Cache the object size in a suitably sized local variable so that the expression is converted to a wider type. Reviewed-by: tonyp, jmasa, iveresov, apetrusenko
dc370163 · johnc · ea61bdd9 · dc370163
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +4 -2

未找到文件。
--- a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
+++ b/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
@@ -2194,8 +2194,10 @@ public:
    assert(o != NULL, "Huh?");
    if (!_g1h->is_obj_dead_cond(o, _use_prev_marking)) {
      o->oop_iterate(&isLive);
-      if (!_hr->obj_allocated_since_prev_marking(o))
+      if (!_hr->obj_allocated_since_prev_marking(o)) {
-        _live_bytes += (o->size() * HeapWordSize);
+        size_t obj_size = o->size();    // Make sure we don't overflow
+        _live_bytes += (obj_size * HeapWordSize);
+      }
    }
  }
  size_t live_bytes() { return _live_bytes; }