RFR(XXS): 8144197: Possible use after free in Arguments::add_property function

Dmitry Dmitriev dmitry.dmitriev at oracle.com
Tue Dec 8 11:07:57 UTC 2015


David, thank you for the review!

Dmitry

On 08.12.2015 14:06, David Holmes wrote:
> Fix looks good. That was a subtle one.
>
> Thanks,
> David
>
> On 8/12/2015 8:50 PM, Dmitry Dmitriev wrote:
>> Hello,
>>
>> Please, can I get a review for that small fix? Thank you!
>>
>> Dmitry
>>
>> On 01.12.2015 14:38, Dmitry Dmitriev wrote:
>>> Hello,
>>>
>>> Please review this small fix. JDK-8132725 removes a memory leak in the
>>> Arguments::add_property function in the
>>> hotspot/src/share/vm/runtime/arguments.cpp module, but introduces a
>>> theoretical possibility of use after free of _java_command, because
>>> _java_command is used in reporting OOM errors. This can happen if the
>>> sun.java.command property is defined more than once and the JVM cannot
>>> allocate memory for the new java command when processing the second (or
>>> later) "sun.java.command" property. Thus sun.java.command can point to
>>> freed memory when reporting an OOM error, because the memory for
>>> sun.java.command is freed before allocating the new sun.java.command.
>>> The fix is simple - free the old sun.java.command only after allocating
>>> memory for the new one. A similar thing is done for the
>>> java.vendor.url.bug property in case a fatal error occurs during
>>> allocation of the new java.vendor.url.bug property.
>>>
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8144197
>>> webrev.00: http://cr.openjdk.java.net/~ddmitriev/8144197/webrev.00/
>>> Testing: locally, JPRT
>>>
>>> Thanks,
>>> Dmitry
>>
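
The ordering problem described in the quoted message, reduced to a self-contained sketch (an added example, not the HotSpot patch or code from this thread). `g_java_command`, `report_oom`, `alloc_copy` and the forced allocation failure are hypothetical stand-ins, and the stale pointer is tracked with a flag rather than dereferenced.

```cpp
#include <cstdlib>
#include <cstring>

// Hypothetical stand-ins for _java_command and the VM's OOM reporting path.
static char* g_java_command = nullptr;
static bool  g_stale = false;            // true while g_java_command holds a freed address
static bool  g_fail_next_alloc = false;  // forces one simulated allocation failure
static bool  g_report_saw_stale = false;

// A real reporter would print the command string; this one only records
// whether the pointer it would read has already been freed.
void report_oom() { g_report_saw_stale = g_stale; }

char* alloc_copy(const char* s) {
    char* p = g_fail_next_alloc ? nullptr : static_cast<char*>(std::malloc(std::strlen(s) + 1));
    g_fail_next_alloc = false;
    if (p == nullptr) { report_oom(); return nullptr; }
    std::strcpy(p, s);
    return p;
}

// Ordering the message describes as the problem: free, then allocate.
bool set_command_free_first(const char* value) {
    if (g_java_command != nullptr) { std::free(g_java_command); g_stale = true; }
    char* fresh = alloc_copy(value);     // on failure the reporter runs with a stale pointer
    g_stale = false;                     // a real VM would exit on failure; reset for the demo
    g_java_command = fresh;
    return fresh != nullptr;
}

// Ordering the message describes as the fix: allocate, then free the old string.
bool set_command_alloc_first(const char* value) {
    char* fresh = alloc_copy(value);     // on failure the old string is still valid
    if (fresh == nullptr) return false;
    std::free(g_java_command);
    g_java_command = fresh;
    return true;
}

// Sets the value twice, failing the second allocation, and returns what the reporter saw.
bool reporter_saw_stale_pointer(bool (*setter)(const char*)) {
    g_report_saw_stale = false;
    setter("Main first");
    g_fail_next_alloc = true;
    setter("Main second");
    std::free(g_java_command); g_java_command = nullptr;  // cleanup for the next run
    return g_report_saw_stale;
}
```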



More information about the hotspot-runtime-dev mailing list