Off-by-one error in StackMapFrame::set_mark() breaks -XX:+UseMallocOnly

Coleen Phillimore coleen.phillimore at oracle.com
Mon Feb 4 09:07:04 PST 2013 

Volker,

This looks good.  I'll check this in for you, pending more reviews.  I 
also added the test because even though it's a nothing-test, it'll test 
UseMallocOnly and exposes this bug.

open webrev at http://cr.openjdk.java.net/~coleenp/8007475/
bug link at http://bugs.sun.com/view_bug.do?bug_id=8007475

Thanks for sending in the patch.
Coleen

On 1/21/2013 10:35 AM, Volker Simonis wrote:
> Hi,
>
> the following debug code in StackMapFrame::set_mark() writes beyond 
> the bounds of an array allocated with NEW_RESOURCE_ARRAY. This 
> immediately triggers a "memory stomping error" when running with 
> -XX:+UseMallocOnly:
>
> > output_64_dbg/linux_amd64_compiler2/jvmg/hotspot -showversion 
> -XX:+UseMallocOnly StackMapFrameTest
>
> Using java runtime at: /share/software/Java/jdk1.7.0_b142/jre
> java version "1.7.0-ea"
> Java(TM) SE Runtime Environment (build 1.7.0-ea-b142)
> OpenJDK 64-Bit Server VM (build 25.0-b16-internal-jvmg, mixed mode)
>
> ## nof_mallocs = 56604, nof_frees = 43232
> ## memory stomp: byte at 0x00007f4cc81c5e20 after object 
> 0x00007f4cc81c5e18
> ### previous object (not sure if correct): 0x00007f4cc81c5620 (1953 bytes)
> ### next object: 0x00007f4cc81c5e58 (56 bytes)
> # To suppress the following error report, specify this argument
> # after -XX: or in .hotspotrc: SuppressErrorAt=/os.cpp:551
> #
> # A fatal error has been detected by the Java Runtime Environment:
> #
> #  Internal Error 
> (/share/software/Java/OpenJDK/hsx/hotspot-comp/hotspot/src/share/vm/runtime/os.cpp:551), 
> pid=22702, tid=139967890032384
> #  fatal error: memory stomping error
> #
>
> The following patch fixes the problem:
>
> diff -r bf623b2d5508 src/share/vm/classfile/stackMapFrame.hpp
> --- a/src/share/vm/classfile/stackMapFrame.hpp  Wed Jan 16 14:55:18 
> 2013 -0800
> +++ b/src/share/vm/classfile/stackMapFrame.hpp  Mon Jan 21 16:27:46 
> 2013 +0100
> @@ -178,7 +178,7 @@
>  #ifdef DEBUG
>      // Put bogus type to indicate it's no longer valid.
>      if (_stack_mark != -1) {
> -      for (int i = _stack_mark; i >= _stack_size; --i) {
> +      for (int i = _stack_mark - 1; i >= _stack_size; --i) {
>          _stack[i] = VerificationType::bogus_type();
>        }
>      }
>
> For your convenience, please find attached the small test case and the 
> patch. I haven't done a JTreg test because the problem only occurs in 
> the debug version of the VM when running with -XX:+UseMallocOnly which 
> isn't a tested configuration anyway. Nevertheless I think the 
> -XX:+UseMallocOnly option (which is also only available in the debug 
> version of the VM) is important enough (i.e. very nice to hunt other 
> memory problems) to fix the problem.
>
> Could somebody please open a bug report for this issue (because I 
> still can't and probably won't be able to until the end of times:) and 
> commit the patch.
>
> Thank you and best regards,
> Volker

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/attachments/20130204/c5a129c5/attachment.html

More information about the hotspot-runtime-dev mailing list