[PATCH] fastdebug version: crash in Argument class while printing uninitialized string to outputStream (+PrintMallocFree)

Neo Jia neojia at gmail.com
Wed May 16 20:51:28 PDT 2007


This bug occurs in the fastdebug version when +PrintMallocFree is turned
on and other options follow it. For example,

java -XX:+PrintMallocFree -Xmx16m -classpath . helloworld

will trigger this bug. But it won't crash if you switch the positions
of -Xmx16m and -XX:+PrintMallocFree.

The root cause of this problem is that when the Argument class is
trying to allocate memory for incoming arguments such as the strings
"+PrintMallocFree" and "-Xmx16m", the "+PrintMallocFree" option will
trigger the initialization of "xmlstream" before the Argument class has
copied all those incoming arguments. And "xmlstream" will read the
argument list in its init function. The problem is that the Argument
class increases the counter before it actually copies the string to its
internal array. So "xmlstream" will read garbage and crash the VM.

My fix is to defer increasing the counter of the argument list when
the array is not fully copied.

Please note: With this fix, the system will not crash but it will lose
some arguments in the generated XML file because the counter is less
than it should be when we begin the XML file.

It would be great if you can provide a better solution to keep all the
arguments in XML file.


Index: hotspot/src/share/vm/runtime/arguments.cpp
--- hotspot/src/share/vm/runtime/arguments.cpp	(revision 86)
+++ hotspot/src/share/vm/runtime/arguments.cpp	(working copy)
@@ -628,14 +628,14 @@

   int index = *count;

-  // expand the array and add arg to the last element
-  (*count)++;
   if (*bldarray == NULL) {
-    *bldarray = NEW_C_HEAP_ARRAY(char*, *count);
+    *bldarray = NEW_C_HEAP_ARRAY(char*, index + 1);
   } else {
-    *bldarray = REALLOC_C_HEAP_ARRAY(char*, *bldarray, *count);
+    *bldarray = REALLOC_C_HEAP_ARRAY(char*, *bldarray, index + 1);
   (*bldarray)[index] = strdup(arg);
+  // expand the array and add arg to the last element
+  (*count)++;

  void Arguments::build_jvm_args(const char* arg) {
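Review bot: the relocated comment "// expand the array and add arg to the last element" now sits directly above `(*count)++`, where it describes neither that line nor the reason the increment was moved. Since the new ordering is what the fix relies on, I would keep that comment above the allocation and put a separate comment on the increment saying that count may only advance after `(*bldarray)[index]` has been stored, because a reader of the list can run during the NEW_C_HEAP_ARRAY / REALLOC_C_HEAP_ARRAY call. Separately, the result of `strdup(arg)` is stored unchecked, so a failed copy would still be counted as a valid entry once `(*count)++` runs.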

I would remember that if researchers were not ambitious
probably today we haven't the technology we are using!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: arguments_list.patch
Type: application/octet-stream
Size: 807 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/attachments/20070516/7f887b75/attachment.obj 
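
The ordering problem described in this message, as an added example that is not HotSpot code and not part of the original post: `ArgList`, `alloc_hook` and `grow` are hypothetical stand-ins for the argument array, the reader that runs during allocation, and the tracing allocator. It counts how many slots below the visible count have no string behind them for each ordering, and shows the caveat the author mentions (the reader sees fewer arguments than the final count).

```cpp
#include <cstdlib>
#include <cstring>

// Hypothetical model; cap exists only so the demo hook never reads out of bounds.
struct ArgList { char** items; int count; int cap; };
struct Result { int bad_reads; int last_seen; int final_count; };

static ArgList* g_observed = nullptr;  // list the hook inspects
static int g_bad_reads = 0;            // slots below count with no string stored
static int g_last_seen = 0;            // count visible at the latest hook call

// Stand-in for a reader that runs from inside the allocator.
static void alloc_hook() {
  if (g_observed == nullptr) return;
  g_last_seen = g_observed->count;
  for (int i = 0; i < g_observed->count; i++)
    if (i >= g_observed->cap || g_observed->items[i] == nullptr) g_bad_reads++;
}
static char** grow(char** old, int old_n, int new_n) {
  alloc_hook();  // re-entrant read happens before the new slot exists
  char** p = static_cast<char**>(std::calloc(new_n, sizeof(char*)));
  if (p == nullptr) std::abort();
  if (old != nullptr) { std::memcpy(p, old, old_n * sizeof(char*)); std::free(old); }
  return p;
}
static char* copy_str(const char* s) {
  char* d = static_cast<char*>(std::malloc(std::strlen(s) + 1));
  if (d == nullptr) std::abort();
  return std::strcpy(d, s);
}
// Ordering before the patch: count is advanced first.
static void add_count_first(ArgList* l, const char* arg) {
  int index = l->count;
  l->count++;
  l->items = grow(l->items, index, l->count); l->cap = l->count;
  l->items[index] = copy_str(arg);
}
// Ordering after the patch: count is advanced only once the slot is filled.
static void add_store_first(ArgList* l, const char* arg) {
  int index = l->count;
  l->items = grow(l->items, index, index + 1); l->cap = index + 1;
  l->items[index] = copy_str(arg);
  l->count++;
}
static Result run(void (*add)(ArgList*, const char*)) {
  ArgList l = {nullptr, 0, 0};
  g_observed = &l; g_bad_reads = 0; g_last_seen = 0;
  const char* args[] = {"-XX:+PrintMallocFree", "-Xmx16m"};  // constructed input
  for (const char* a : args) add(&l, a);
  Result r = {g_bad_reads, g_last_seen, l.count};
  for (int i = 0; i < l.count; i++) std::free(l.items[i]);
  std::free(l.items); g_observed = nullptr;
  return r;
}
```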
