On Tue, 12 Nov 2024 07:30:41 GMT, Shaojin Wen <s...@openjdk.org> wrote:
> In the JDK code, there are some places that may cause Unsafe offset overflow.
> The probability of occurrence is low, but if it occurs, it will cause JVM
> crash.

src/java.base/share/classes/sun/nio/cs/StringUTF16.java line 35:

> 33:     public static char getChar(byte[] val, int index) {
> 34:         return unsafe.getChar(val,
> 35:                 (long) ARRAY_BYTE_BASE_OFFSET + ARRAY_BYTE_INDEX_SCALE * index * 2L);

This expression already contains `2L` which is a `long`. So, isn't the result of the multiplications of type `long`, and consequently, isn't the entire expression calculated with `long` precision as it is?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22027#discussion_r1837653228