JIT: Ensure no overflow in ContainBlockStoreAddress #76532
Conversation
The offset here can be a "base" address due to various JIT transformations so we should ensure the range [offset, offset+size) does not overflow. Fix dotnet#76506
dotnet-issue-labeler
bot
added
the
area-CodeGen-coreclr
ghost
assigned 
|
Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch Issue DetailsThe offset here can be a "base" address due to various JIT transformations so we should ensure the range [offset, offset+size) does not overflow. Fix #76506
|
|
Before #76273 we would see |
|
/azp run runtime-coreclr jitstress |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
cc: @tannergooding |
| @@ -688,7 +688,12 @@ void Lowering::ContainBlockStoreAddress(GenTreeBlk* blkNode, unsigned size, GenT | |||
| { | |||
| return; | |||
| } | |||
| #endif // TARGET_ARM | |||
| #else // !TARGET_ARM | |||
| if ((ClrSafeInt<int>(offset) + ClrSafeInt<int>(size)).IsOverflow()) | |||
There was a problem hiding this comment.
Can this overflow on arm too? Should this be outside the ifdef?
There was a problem hiding this comment.
I think the ARM specific check above is fine -- we only get here for unrolled block copies so size is guaranteed to be small.
|
Some of the remaining failures may be related to the pending fix: #76517 |
|
The failure for Runtime_40607 is #76546 |
|
#76507 also still seems to be failing even with this fix. |
|
Bruce just opened #76550 for the remaining failure. |
The offset here can be a "base" address due to various JIT transformations so we should ensure the range [offset, offset+size) does not overflow.
Fix #76506