RFR: 8349241: Fix the concurrent execution JVM crash of StringBuilder::append(int/long) [v5]

Shaojin Wen swen at openjdk.org
Tue Feb 4 14:03:24 UTC 2025


On Tue, 4 Feb 2025 06:37:48 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> src/java.base/share/classes/java/lang/AbstractStringBuilder.java line 845:
>> 
>>> 843:         int spaceNeeded = count + DecimalDigits.stringSize(i);
>>> 844:         byte[] value = ensureCapacityInternal(spaceNeeded);
>>> 845:         if (isLatin1()) {
>> 
>> This is not safe. The ensureCapacityInternal can read coder == LATIN1 and allocate a small array, but this `isLatin1` can read coder == UTF16 and write a UTF16 number out of bounds.
>
> A check that `spaceNeeded <= (value.length >> 1)` in the `else` branch would be needed and might be a sufficient safeguard here.

I made further improvements to improve the thread safety of the coder by passing the newCapacity method into the coder. I think this should be safe enough.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23427#discussion_r1941221475
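
The double read of the coder discussed in this thread, as an added toy model that is not part of the original message and is not JDK or PR code. The class, the method names and the `IntSupplier` standing in for a concurrently changing `coder` field are assumptions for illustration; the model only computes sizes and never writes past an array.

```java
import java.util.function.IntSupplier;

// Toy model, not JDK code: sizes are computed, nothing is written out of bounds.
public class CoderDoubleReadDemo {
    static final int LATIN1 = 0, UTF16 = 1; // same values as String's coder constants

    // Constructed stand-in for a racing writer: the first read of the
    // coder field sees LATIN1, every later read sees UTF16.
    static IntSupplier coderThatInflatesAfterFirstRead() {
        int[] reads = {0};
        return () -> reads[0]++ == 0 ? LATIN1 : UTF16;
    }

    // Stand-in for ensureCapacityInternal: sizes the array from its own coder read.
    static byte[] ensureCapacity(int spaceNeeded, IntSupplier coder) {
        return new byte[spaceNeeded << coder.getAsInt()];
    }

    // Shape under review: a second coder read picks the write path.
    // Returns how many bytes the write path would touch past the array end.
    static int unguardedOverrun(int spaceNeeded, IntSupplier coder) {
        byte[] value = ensureCapacity(spaceNeeded, coder);
        int bytesTouched = (coder.getAsInt() == LATIN1) ? spaceNeeded : spaceNeeded << 1;
        return Math.max(0, bytesTouched - value.length);
    }

    // Same shape plus the check suggested for the else (UTF16) branch.
    static int guardedOverrun(int spaceNeeded, IntSupplier coder) {
        byte[] value = ensureCapacity(spaceNeeded, coder);
        if (coder.getAsInt() == LATIN1) {
            return 0; // one byte per char fits whichever coder sized the array
        }
        if (spaceNeeded > (value.length >> 1)) { // negation of the suggested condition
            throw new IllegalStateException("array sized for LATIN1, refusing UTF16 write");
        }
        return 0;
    }

    public static void main(String[] args) {
        int spaceNeeded = 16; // constructed value for count + DecimalDigits.stringSize(i)
        System.out.println("unguarded overrun bytes: "
                + unguardedOverrun(spaceNeeded, coderThatInflatesAfterFirstRead()));
        try {
            guardedOverrun(spaceNeeded, coderThatInflatesAfterFirstRead());
        } catch (IllegalStateException e) {
            System.out.println("guarded: " + e.getMessage());
        }
    }
}
```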

