From 89ca5b6fbd82f00375b4f96b2f3526078088d3f9 Mon Sep 17 00:00:00 2001
From: Amit Kumar <amitkumar@openjdk.org>
Date: Tue, 20 Aug 2024 09:54:20 +0000
Subject: [PATCH] 8338365: [PPC64, s390] Out-of-bounds array access in
 secondary_super_cache

Reviewed-by: mdoerr, aph, rrich
---
 src/hotspot/cpu/ppc/macroAssembler_ppc.cpp   | 6 ++----
 src/hotspot/cpu/s390/macroAssembler_s390.cpp | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/hotspot/cpu/ppc/macroAssembler_ppc.cpp b/src/hotspot/cpu/ppc/macroAssembler_ppc.cpp
index c7cf678b49e..3b48b4020cc 100644
--- a/src/hotspot/cpu/ppc/macroAssembler_ppc.cpp
+++ b/src/hotspot/cpu/ppc/macroAssembler_ppc.cpp
@@ -2170,7 +2170,6 @@ do {                                                                  \
          (result        == R8_ARG6      || result        == noreg), "registers must match ppc64.ad"); \
 } while(0)
 
-// Return true: we succeeded in generating this code
 void MacroAssembler::lookup_secondary_supers_table(Register r_sub_klass,
                                                    Register r_super_klass,
                                                    Register temp1,
@@ -2292,9 +2291,8 @@ void MacroAssembler::lookup_secondary_supers_table_slow_path(Register r_super_kl
 
   // The bitmap is full to bursting.
   // Implicit invariant: BITMAP_FULL implies (length > 0)
-  assert(Klass::SECONDARY_SUPERS_BITMAP_FULL == ~uintx(0), "");
-  cmpdi(CCR0, r_bitmap, -1);
-  beq(CCR0, L_huge);
+  cmpwi(CCR0, r_array_length, (int32_t)Klass::SECONDARY_SUPERS_TABLE_SIZE - 2);
+  bgt(CCR0, L_huge);
 
   // NB! Our caller has checked bits 0 and 1 in the bitmap. The
   // current slot (at secondary_supers[r_array_index]) has not yet
diff --git a/src/hotspot/cpu/s390/macroAssembler_s390.cpp b/src/hotspot/cpu/s390/macroAssembler_s390.cpp
index a233934405f..b31d08f9fde 100644
--- a/src/hotspot/cpu/s390/macroAssembler_s390.cpp
+++ b/src/hotspot/cpu/s390/macroAssembler_s390.cpp
@@ -3320,8 +3320,8 @@ void MacroAssembler::lookup_secondary_supers_table_slow_path(Register r_super_kl
   NearLabel L_huge;
 
   // The bitmap is full to bursting.
-  z_cghi(r_bitmap, Klass::SECONDARY_SUPERS_BITMAP_FULL);
-  z_bre(L_huge);
+  z_chi(r_array_length, Klass::SECONDARY_SUPERS_BITMAP_FULL - 2);
+  z_brh(L_huge);
 
   // NB! Our caller has checked bits 0 and 1 in the bitmap. The
   // current slot (at secondary_supers[r_array_index]) has not yet