JDK-8049253: JVM crashes when GC log rotation is invoked with long path.
Yasumasa Suenaga
yasuenag at gmail.com
Thu Jul 3 14:19:21 UTC 2014
Hi all,
The JVM crashes when GC log rotation is invoked with a long path (>= 1024).
I filed a testcase for this issue.
HOW TO REPRODUCE:
1. Extract TAR ball (testcase.tar.gz: Attached to JBS)
2. Compile SystemGC.java
3. Run java as follows:
$ /usr/src/OpenJDK/hs-gc/build/linux-x86_64-normal-server-release/images/j2sdk-image/bin/java \
    -Xloggc:`cat longpath.txt` -XX:+UseGCLogFileRotation \
    -XX:NumberOfGCLogFiles=2 SystemGC
or
$ /usr/src/OpenJDK/hs-gc/build/linux-x86_64-normal-server-release/images/j2sdk-image/bin/java \
    -Xloggc:`cat maxpath.txt` -XX:+UseGCLogFileRotation \
    -XX:NumberOfGCLogFiles=2 SystemGC
4. Invoke GC log file rotation from jcmd:
$ jcmd <PID> GC.rotate_log
The cause of this crash is stack memory corruption in
gcLogFileStream::rotate_log().
In the current implementation, the length of the GC log file name is defined
by the FILENAMEBUFLEN macro.
It is defined as 1024.
However, the buffer for the actual file name is allocated dynamically and its
length may be over 1024.
In this case, stack memory corruption occurs.
-----------
char current_file_name[FILENAMEBUFLEN];
char renamed_file_name[FILENAMEBUFLEN];
  :
size_t filename_len = strlen(_file_name);
if (_file != NULL) {
  jio_snprintf(renamed_file_name, filename_len + EXTRACHARLEN, "%s.%d",
               _file_name, _cur_file_num);
  jio_snprintf(current_file_name, filename_len + EXTRACHARLEN, "%s.%d" CURRENTAPPX,
               _file_name, _cur_file_num);
  :
-----------
It is rare. However, it is critical.
I've created a patch for this issue and uploaded a webrev.
It works fine in my environment.
http://cr.openjdk.java.net/~ysuenaga/JDK-8049253/webrev.0/
I would like to contribute this patch.
Please cooperate.
Thanks,
Yasumasa
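
The sizing mistake described in the message above, as an added example that is not HotSpot code and not the patch in the webrev: the first function computes how many bytes the quoted call pattern would store into a FILENAMEBUFLEN-byte buffer, and the second is one bounded alternative that takes its size from the destination and treats truncation as an error. Standard snprintf stands in for jio_snprintf, and the values of EXTRACHARLEN and CURRENTAPPX are assumptions, since the post does not give them.

```c
#include <stdio.h>
#include <string.h>

#define FILENAMEBUFLEN 1024        /* value stated in the post */
#define EXTRACHARLEN   32          /* assumed: value not given in the post */
#define CURRENTAPPX    ".current"  /* assumed: value not given in the post */

/* Bytes (terminator included) the quoted call pattern would store: the
 * formatter stops at the bound it is given, and that bound follows the
 * source string, not the capacity of the destination array. */
size_t bytes_quoted_call_writes(const char *file_name, int num) {
    int n = snprintf(NULL, 0, "%s.%d" CURRENTAPPX, file_name, num);
    if (n < 0) return 0;
    size_t needed = (size_t)n + 1;
    size_t bound = strlen(file_name) + EXTRACHARLEN;
    return needed < bound ? needed : bound;
}

/* Bounded form: the size argument is the destination's size, and a name
 * that does not fit is rejected instead of silently truncated.
 * Returns 0 on success, -1 if the name does not fit. */
int format_rotated_name(char *dst, size_t dst_size,
                        const char *file_name, int num) {
    int n = snprintf(dst, dst_size, "%s.%d" CURRENTAPPX, file_name, num);
    if (n < 0 || (size_t)n >= dst_size) {
        if (dst_size > 0) dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void) {
    char longpath[FILENAMEBUFLEN + 1];   /* constructed 1024-char name */
    char out[FILENAMEBUFLEN];
    memset(longpath, 'a', FILENAMEBUFLEN);
    longpath[FILENAMEBUFLEN] = '\0';

    printf("quoted call would store %zu bytes in a %d-byte buffer\n",
           bytes_quoted_call_writes(longpath, 0), FILENAMEBUFLEN);
    printf("bounded call, long name: %d\n",
           format_rotated_name(out, sizeof out, longpath, 0));
    printf("bounded call, gc.log: %d (%s)\n",
           format_rotated_name(out, sizeof out, "gc.log", 1), out);
    return 0;
}
```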