RFR: 8365604: Null pointer dereference in src/hotspot/share/adlc/output_h.cpp ArchDesc::declareClasses() [v2]
Artem Semenov
asemenov at openjdk.org
Thu Aug 21 11:11:56 UTC 2025
On Thu, 21 Aug 2025 09:59:01 GMT, Andrew Dinn <adinn at openjdk.org> wrote:
>> A situation is possible where head becomes nullptr when head->next() returns nullptr on the last iteration. Then, after the loop finishes, assert(head != nullptr) will trigger (only in debug mode), and return head->data() will cause a program error
>
> Hmm, is it possible?
>
> Perhaps you could explain how pos_idx is being used in this loop to guard against that happening and why that does not make this safe?
```head->next()``` returns a pointer to _next without any checks.
In turn, the _next pointer is marked as volatile, which means it can be modified at any moment, for example, in another thread.
From this, I conclude that a check in this location is desirable. Moreover, pos_idx is also not being checked. It is quite possible that ```head->next()``` could turn out to be nullptr.
But I don’t mind. If you are sure that there can’t be a nullptr in this place, I will withdraw this patch.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26798#discussion_r2290701959
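An added illustration of the argument in this thread, constructed for this page and not the adlc code under review: a node type whose next pointer is volatile, the unguarded walk the reply worries about, and a walk that checks the pointer on every step. `Node`, `nth_unguarded`, `nth_guarded` and `sample_list` are hypothetical names.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>

// Minimal singly linked node modelled on the discussion: next_ is volatile,
// so a walk cannot assume the chain is as long as pos_idx claims.
struct Node {
    int data_;
    Node* volatile next_;
    Node* next() const { return next_; }   // returns _next without any check
    int data() const { return data_; }
};

// Unguarded walk: trusts pos_idx to stay inside the list. If the list has
// fewer than pos_idx + 1 nodes, head becomes nullptr on the last step and
// head->data() dereferences a null pointer.
int nth_unguarded(Node* head, size_t pos_idx) {
    for (size_t i = 0; i < pos_idx; i++) {
        head = head->next();
    }
    return head->data();
}

// Guarded walk: stops as soon as head is nullptr and reports failure through
// the return value instead of dereferencing.
bool nth_guarded(Node* head, size_t pos_idx, int* out) {
    for (size_t i = 0; i < pos_idx && head != nullptr; i++) {
        head = head->next();
    }
    if (head == nullptr) return false;
    *out = head->data();
    return true;
}

// Constructed three-node chain 10 -> 20 -> 30 used as sample input.
static Node g_nodes[3] = {{10, &g_nodes[1]}, {20, &g_nodes[2]}, {30, nullptr}};
Node* sample_list() { return &g_nodes[0]; }

int main() {
    int v = 0;
    std::printf("in range:  %d\n", nth_unguarded(sample_list(), 2));  // 30
    // pos_idx one past the end: the guarded walk refuses instead of crashing.
    std::printf("past end:  %s\n", nth_guarded(sample_list(), 3, &v) ? "ok" : "nullptr");
    return 0;
}
```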