RFR: JDK-8302594: use-after-free in Node::destruct [v2]
Justin King
jcking at openjdk.org
Wed Feb 15 20:31:10 UTC 2023
On Wed, 15 Feb 2023 19:30:04 GMT, Vladimir Kozlov <kvn at openjdk.org> wrote:
>> src/hotspot/share/opto/node.cpp line 668:
>>
>>> 666: #ifndef ASSERT
>>> 667: compile->node_arena()->Afree(in_array, edge_size+node_size);
>>> 668: #endif
>>
>> Why do we do it only in the product VM? I need to look.
>
> In lines 651-654 ("smash the C++ vtbl" etc) we trash fields in debug VM and do not free the space intentionally to catch dangling references to it. That is why we free space only in product VM.
Also smashing the vtable only really helps if you are going to call a virtual function, otherwise it doesn't help at all. But I guess it is better than nothing.
-------------
PR: https://git.openjdk.org/jdk/pull/12577
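The debug-versus-product split described in the quoted reply, shown as an added stand-alone example (not HotSpot's node.cpp, and not code from anyone on this thread): a hypothetical `Node` with a vtable and an edge field, a `destruct` that mirrors the `#ifndef ASSERT` choice with a runtime flag, and a byte-level check a debug assertion could use to tell that a dangling edge now points at scribbled storage. `kPoison`, the `Node` layout and the helper names are constructed for this example; plain `malloc`/`free` stand in for the arena's allocator and `Afree`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

// Pattern written over a destroyed node in the debug path (constructed value for this example).
static const unsigned char kPoison = 0xAB;

// Hypothetical node: a vtable pointer, an id, and one input edge to another node.
struct Node {
    virtual ~Node() {}
    virtual int opcode() const { return 1; }
    uint32_t id = 0;
    Node* in0 = nullptr;   // dangling once the node it points at is destroyed
};

// Mirrors the #ifndef ASSERT split from the quoted code:
//   debug_build == true  : trash every byte (vtable pointer included) and keep the block
//                          allocated, so a later dereference meets an obvious pattern
//                          rather than a recycled object;
//   debug_build == false : release the storage, as the product VM does with Afree.
// Returns true when the storage is still allocated (and poisoned) afterwards.
bool destruct(Node* n, bool debug_build) {
    if (debug_build) {
        std::memset(static_cast<void*>(n), kPoison, sizeof(Node));
        return true;
    }
    std::free(n);
    return false;
}

// Byte-level check: does every byte of the block carry the poison pattern?
// Reading through unsigned char keeps the check valid even after the object was scribbled.
bool looks_poisoned(const void* p, size_t len) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    for (size_t i = 0; i < len; ++i) {
        if (b[i] != kPoison) return false;
    }
    return true;
}

// Only the vtable slot is examined here: smashing it catches a virtual call through the
// dangling edge (the call would go through garbage), while a plain field read does not
// trap on its own, which is the limitation noted in the reply above.
bool vtable_slot_poisoned(const Node* n) {
    return looks_poisoned(n, sizeof(void*));
}

// Scenario: node b keeps an input edge to node a; a is destroyed while the edge is live.
// In the debug path the dangling target is detectably poisoned.
bool dangling_edge_detected_in_debug() {
    void* block = std::malloc(sizeof(Node));
    Node* a = new (block) Node();
    a->id = 42;
    Node b;
    b.id = 7;
    b.in0 = a;

    bool retained = destruct(a, /*debug_build=*/true);
    bool poisoned = looks_poisoned(b.in0, sizeof(Node)) && vtable_slot_poisoned(b.in0);

    std::free(block);   // example cleanup; HotSpot's debug path never frees it
    return retained && poisoned;
}

// A live node must not look poisoned, otherwise the check would be meaningless.
bool live_node_not_poisoned() {
    void* block = std::malloc(sizeof(Node));
    Node* a = new (block) Node();
    a->id = 42;
    bool clean = !looks_poisoned(a, sizeof(Node));
    a->~Node();
    std::free(block);
    return clean;
}

// Product path: the block is handed back to the allocator and nothing is retained to inspect.
bool product_path_retains_storage() {
    void* block = std::malloc(sizeof(Node));
    Node* a = new (block) Node();
    a->~Node();
    return destruct(a, /*debug_build=*/false);
}
```

The debug path deliberately never returns the block, which is why the freeing call in the quoted code sits under `#ifndef ASSERT`: the point of the scribble is that a stale edge keeps pointing at a recognisable pattern instead of at memory the arena has already reused.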