RFR: JDK-8302594: use-after-free in Node::destruct [v2]
Vladimir Kozlov
kvn at openjdk.org
Wed Feb 15 20:31:05 UTC 2023
On Wed, 15 Feb 2023 19:23:04 GMT, Vladimir Kozlov <kvn at openjdk.org> wrote:
>> Justin King has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update based on review
>>
>> Signed-off-by: Justin King <jcking at google.com>
>
> src/hotspot/share/opto/node.cpp line 668:
>
>> 666: #ifndef ASSERT
>> 667: compile->node_arena()->Afree(in_array, edge_size+node_size);
>> 668: #endif
>
> Why do we do it only in the product VM? I need to look.
In lines 651-654 ("smash the C++ vtbl" etc.) we trash the fields in the debug VM and intentionally do not free the space, to catch dangling references to it. That is why we free the space only in the product VM.
-------------
PR: https://git.openjdk.org/jdk/pull/12577
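The debug-versus-product split explained in the reply, as an added C++ illustration that is not HotSpot's code: the `Arena`, `Node`, poison values and the runtime `debug_build` flag (standing in for `#ifdef ASSERT`) are constructed stand-ins, so both paths can be exercised in one binary.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Toy arena standing in for HotSpot's node_arena() (hypothetical, not the real
// Arena API): it only records how many bytes were handed back via Afree.
struct Arena {
  std::vector<void*> blocks;
  size_t freed_bytes = 0;
  void* Amalloc(size_t n) { void* p = std::calloc(1, n); blocks.push_back(p); return p; }
  void Afree(void* p, size_t n) { (void)p; freed_bytes += n; }
  ~Arena() { for (void* p : blocks) std::free(p); }
};

// Minimal node: an id and an arena-allocated input-edge array.
struct Node { uint32_t id; uint32_t cnt; Node** in; };
const uint8_t  kPoison = 0xbc;        // constructed fill value for trashed edges
const uint32_t kDeadId = 0xdeadbeefu; // constructed marker for a destructed node

// Debug builds (HotSpot's ASSERT) keep the storage but trash it so a dangling
// reference reads obviously bogus data; product builds give the space back.
// The build flavour is a runtime argument here only so both paths can be tested.
void destruct(Arena* arena, Node* n, bool debug_build) {
  size_t edge_size = n->cnt * sizeof(Node*);
  if (debug_build) {
    std::memset(n->in, kPoison, edge_size);
    n->id = kDeadId;                 // analogous to smashing the vtbl/fields
  } else {
    arena->Afree(n->in, edge_size);  // product VM: reclaim the edge array
  }
}

Node* make_node(Arena* arena, uint32_t id, uint32_t cnt) {
  Node* n = static_cast<Node*>(arena->Amalloc(sizeof(Node)));
  n->id = id; n->cnt = cnt;
  n->in = static_cast<Node**>(arena->Amalloc(cnt * sizeof(Node*)));
  return n;
}

// Debug path: storage still addressable, nothing freed, every edge byte poisoned.
bool debug_destruct_poisons_edges() {
  Arena arena; Node* n = make_node(&arena, 7, 3);
  destruct(&arena, n, true);
  const uint8_t* raw = reinterpret_cast<const uint8_t*>(n->in);
  for (size_t i = 0; i < 3 * sizeof(Node*); i++) if (raw[i] != kPoison) return false;
  return n->id == kDeadId && arena.freed_bytes == 0;
}

// Product path: the edge array is returned to the arena (3 * sizeof(Node*) bytes).
size_t product_destruct_frees_bytes() {
  Arena arena; Node* n = make_node(&arena, 7, 3);
  destruct(&arena, n, false);
  return arena.freed_bytes;
}
```

A stale pointer into the debug-path node now reads the poison pattern rather than recycled arena memory, which is what makes the dangling reference show up in debug runs.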