RFR: 8365604: Null pointer dereference in src/hotspot/share/adlc/output_h.cpp ArchDesc::declareClasses() [v2]
Artem Semenov
asemenov at openjdk.org
Thu Aug 21 09:11:53 UTC 2025
On Wed, 20 Aug 2025 12:20:51 GMT, David Holmes <dholmes at openjdk.org> wrote:
>> Artem Semenov has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - Update src/hotspot/share/c1/c1_LinearScan.cpp
>>
>> Co-authored-by: David Holmes <62092539+dholmes-ora at users.noreply.github.com>
>> - Update src/hotspot/share/adlc/output_h.cpp
>>
>> Co-authored-by: David Holmes <62092539+dholmes-ora at users.noreply.github.com>
>
> src/hotspot/share/nmt/mallocSiteTable.cpp line 172:
>
>> 170: index < pos_idx && head != nullptr;
>> 171: index++, head = ((MallocSiteHashtableEntry*)head->next() == nullptr) ? head :
>> 172: (MallocSiteHashtableEntry*)head->next()) {}
>
> This doesn't look right to me. We check `head != nullptr` in the loop condition so we cannot reach the assignment if it is null.
A situation is possible where `head` becomes nullptr when `head->next()` returns nullptr on the last iteration. Then, after the loop finishes, `assert(head != nullptr)` will trigger (only in debug mode), and `return head->data()` will cause a program error.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26798#discussion_r2290418847
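The two loop shapes under discussion, as an added stand-alone example that is neither HotSpot code nor the PR's own; `Entry` is a hypothetical stand-in for `MallocSiteHashtableEntry` and `reached_data` a constructed harness. It shows that the original increment `head = head->next()` leaves `head` at nullptr whenever `pos_idx` exceeds the chain length (so the unconditional `head->data()` that follows would dereference null in a release build), while the clamping ternary quoted in the review keeps `head` on the last node.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for MallocSiteHashtableEntry: a singly linked chain.
struct Entry {
  int data;
  Entry* next;
};

// Original loop shape: advance head pos_idx times, stopping early on nullptr.
// Returns the node reached; it is nullptr when the chain has fewer than
// pos_idx + 1 nodes, which is exactly the case the trailing head->data()
// in the real function does not guard against.
Entry* walk_original(Entry* head, size_t pos_idx) {
  for (size_t index = 0;
       index < pos_idx && head != nullptr;
       index++, head = head->next) {}
  return head;
}

// Loop shape quoted in the review: head is known non-null when the
// increment runs (the condition just checked it), and the ternary keeps it
// on the last node instead of stepping off the end. head can only be
// nullptr afterwards if the bucket was empty to begin with.
Entry* walk_clamped(Entry* head, size_t pos_idx) {
  for (size_t index = 0;
       index < pos_idx && head != nullptr;
       index++, head = (head->next == nullptr) ? head : head->next) {}
  return head;
}

// Constructed harness: build a chain of chain_len nodes holding 0..n-1,
// run one of the two loop shapes, and report the data reached, or -1 when
// the loop left head at nullptr (where dereferencing would be a bug).
int reached_data(size_t chain_len, size_t pos_idx, bool clamped) {
  std::vector<Entry> nodes(chain_len);
  for (size_t i = 0; i < chain_len; i++) {
    nodes[i].data = static_cast<int>(i);
    nodes[i].next = (i + 1 < chain_len) ? &nodes[i + 1] : nullptr;
  }
  Entry* head = chain_len > 0 ? &nodes[0] : nullptr;
  Entry* hit = clamped ? walk_clamped(head, pos_idx)
                       : walk_original(head, pos_idx);
  return hit == nullptr ? -1 : hit->data;
}
```

With a three-node chain, `reached_data(3, 3, false)` returns -1 (the original shape walked off the end) while `reached_data(3, 3, true)` returns 2 (the clamped shape stayed on the last node).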