RFR: JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm

Thomas Stuefe stuefe at openjdk.org
Wed Mar 13 08:30:13 UTC 2024


On Wed, 13 Mar 2024 08:03:49 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>> ASAN reports a use-after-free, because we feed the string we got from `setlocale` back to `setlocale`, but the libc owns this string, and the libc decided to free it in the meantime.
>> 
>> According to POSIX, it should be valid to pass into setlocale output from setlocale.
>> 
>> However, glibc seems to delete the old string when calling setlocale again:
>> 
>> https://codebrowser.dev/glibc/glibc/locale/setlocale.c.html#198
>> 
>> Best to make a copy, and pass in the copy to setlocale.
>
> test/hotspot/gtest/compiler/test_directivesParser.cpp line 39:
> 
>> 37:   // These tests require the "C" locale to correctly parse decimal values
>> 38:   DirectivesParserTest() : _locale(os::strdup(setlocale(LC_NUMERIC, nullptr), mtTest)) {
>> 39:     setlocale(LC_NUMERIC, "C");
> 
> Would it fix the issue if we did this instead?
> 
> Suggestion:
> 
>   DirectivesParserTest() : _locale(setlocale(LC_NUMERIC, "C")) {
> 
> 
> seems to me that the string returned by setlocale is only valid until the next setlocale call, and currently we call setlocale twice in the constructor, and save the result of the first call.

No. The first setlocale call returns the pointer to the last locale, which becomes invalid. Changing the input string on the first setlocale call won't change that.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18235#discussion_r1522743065
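The save/set/restore pattern the thread settles on (copy libc's string before the second setlocale call), as an added plain-C example that is not part of the PR or HotSpot's code; the type and function names (numeric_locale_guard, guard_enter, guard_leave, parse_decimal_c_locale, guard_roundtrip_ok) are assumed here, and plain strdup stands in for os::strdup:

```c
#define _POSIX_C_SOURCE 200809L   /* declares strdup under strict -std modes */
#include <locale.h>
#include <math.h>
#include <stdlib.h>
#include <string.h>

/* Our own copy of the previous LC_NUMERIC name; libc's buffer is not ours. */
typedef struct { char *saved; } numeric_locale_guard;

/* Switch LC_NUMERIC to "C", keeping the old name in a private copy.
 * setlocale()'s return value belongs to libc and may be freed by the
 * next setlocale() call, so the copy is taken before that call. */
static int guard_enter(numeric_locale_guard *g) {
    const char *cur = setlocale(LC_NUMERIC, NULL);   /* query only */
    if (cur == NULL || (g->saved = strdup(cur)) == NULL) return -1;
    if (setlocale(LC_NUMERIC, "C") != NULL) return 0; /* may invalidate cur */
    free(g->saved); g->saved = NULL;
    return -1;
}

/* Restore the previous LC_NUMERIC from the private copy and release it. */
static int guard_leave(numeric_locale_guard *g) {
    int rc = (g->saved == NULL || setlocale(LC_NUMERIC, g->saved) != NULL) ? 0 : -1;
    free(g->saved); g->saved = NULL;
    return rc;
}

/* Parse a decimal literal with '.' as separator whatever the process
 * locale is; returns NAN if the text is not a complete number. */
static double parse_decimal_c_locale(const char *text) {
    numeric_locale_guard g = { NULL };
    char *end = NULL;
    if (guard_enter(&g) != 0) return NAN;
    double v = strtod(text, &end);
    int complete = (end != text && *end == '\0');
    guard_leave(&g);
    return complete ? v : NAN;
}

/* Self-check: the locale in force before the guard is the one restored after. */
static int guard_roundtrip_ok(void) {
    char *before = strdup(setlocale(LC_NUMERIC, NULL));
    numeric_locale_guard g = { NULL };
    int ok = before != NULL && guard_enter(&g) == 0
          && strcmp(setlocale(LC_NUMERIC, NULL), "C") == 0
          && guard_leave(&g) == 0
          && strcmp(setlocale(LC_NUMERIC, NULL), before) == 0;
    free(before);
    return ok;
}
```

Under ASAN the original ordering (save the raw pointer, call setlocale again, use the pointer) is what trips the use-after-free report; here the pointer is never used after the second call.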
