RFR(XXS): 8144197: Possible use after free in Arguments::add_property function
Dmitry Dmitriev
dmitry.dmitriev at oracle.com
Tue Dec 1 11:38:09 UTC 2015
Hello,
Please, review this small fix. JDK-8132725 removes memory leak in
Arguments::add_property function in
hotspot/src/share/vm/runtime/arguments.cpp module, but introduce
theoretical possibility of use after free of _java_command, because
_java_command used in reporting OOM errors. This can happen if
sun.java.command property is defined more than once and JVM can not
allocate memory for new java command when processing second(or later)
"sun.java.command" property. Thus sun.java.command can point to the
freed memory when reporting OOM error, because memory for
sun.java.command is freed before allocating new sun.java.command. Fix is
simple - free old sun.java.command only after allocating memory for the
new one. The similar thing is done for java.vendor.url.bug property in
case if fatal error occurred during allocation of new
java.vendor.url.bug property.
JBS: https://bugs.openjdk.java.net/browse/JDK-8144197
webrev.00: http://cr.openjdk.java.net/~ddmitriev/8144197/webrev.00/
<http://cr.openjdk.java.net/%7Eddmitriev/8144197/webrev.00/>
Testing: locally, JPRT
Thanks,
Dmitry
More information about the hotspot-runtime-dev
mailing list