RFR: 8302218: CHeapBitMap::free frees with incorrect size

Daohan Qu duke at openjdk.org
Mon May 22 12:11:56 UTC 2023


This patch should fix [JDK-8302218](https://bugs.openjdk.org/browse/JDK-8302218).

The destructor of `CHeapBitMap` invokes `free()` to free the allocated memory:
https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.cpp#L133-L135

`free()`'s argument should be the size in words, according to:
https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.cpp#L141-L143

But the destructor passes the return value of `size()` (which returns `_size`) as the argument. That is the "size in bits" according to
https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.hpp#L63-L65

Instead, it should use the return value of `size_in_words()` to invoke `free()`.

Once the `ArrayAllocatorMallocLimit` option is set, `munmap()` may be used by `free()`, which does use the size argument, and this may cause a crash.

I have tested this patch for tier 1-3 on x86-64 Linux.

-------------

Commit messages:
 - Fix the bug of freeing incorrect size in CHeapBitMap destructor

Changes: https://git.openjdk.org/jdk/pull/14079/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14079&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8302218
  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/14079.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/14079/head:pull/14079

PR: https://git.openjdk.org/jdk/pull/14079
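
The bits-versus-words mismatch described in the message above, as an added example that is not code from the pull request or from HotSpot. `CheckedAllocator`, `ToyBitMap`, `words_for_bits` and `free_matches` are hypothetical names, 64-bit bitmap words are assumed, and the allocator uses `calloc`/`free` so the wrong size is only recorded rather than handed to `munmap()`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <unordered_map>
typedef uint64_t word_t;                      // assumption: 64-bit bitmap words
const size_t kBitsPerWord = sizeof(word_t) * 8;
// Words needed to hold `bits` bits, rounded up.
size_t words_for_bits(size_t bits) { return (bits + kBitsPerWord - 1) / kBitsPerWord; }

// Stand-in for a sized allocator (e.g. one backed by mmap/munmap): the count
// given to release() must match the count given to allocate().
struct CheckedAllocator {
  std::unordered_map<void*, size_t> live;     // pointer -> bytes really allocated
  size_t claimed_bytes = 0, actual_bytes = 0; // recorded by the last release()
  word_t* allocate(size_t words) {
    void* p = std::calloc(words, sizeof(word_t));
    live[p] = words * sizeof(word_t);
    return static_cast<word_t*>(p);
  }
  bool release(word_t* p, size_t words) {     // true when the sizes agree
    claimed_bytes = words * sizeof(word_t);
    actual_bytes = live[p];
    live.erase(p);
    std::free(p);                             // a real munmap would use claimed_bytes
    return claimed_bytes == actual_bytes;
  }
};

// Toy bitmap: size() is in bits, size_in_words() is what the allocator wants.
struct ToyBitMap {
  word_t* map; size_t bits;
  ToyBitMap(CheckedAllocator& a, size_t n) : map(a.allocate(words_for_bits(n))), bits(n) {}
  size_t size() const { return bits; }
  size_t size_in_words() const { return words_for_bits(bits); }
};

bool free_matches(CheckedAllocator& a, size_t bits, bool fixed) {
  ToyBitMap bm(a, bits);                      // fixed=false frees with size() in bits
  return a.release(bm.map, fixed ? bm.size_in_words() : bm.size());
}

int main() {
  CheckedAllocator a;
  bool ok = free_matches(a, 4096, false);
  std::printf("buggy: match=%d claimed=%zu actual=%zu\n", ok, a.claimed_bytes, a.actual_bytes);
  ok = free_matches(a, 4096, true);
  std::printf("fixed: match=%d claimed=%zu actual=%zu\n", ok, a.claimed_bytes, a.actual_bytes);
}
```

With 64-bit words the size in bits is 64 times the size in words, so a length-sensitive deallocator is told to release 64 times more memory than was allocated.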

