RFR (S) 8204055: SIGSEGV in java -XX:

David Holmes david.holmes at oracle.com
Thu May 31 05:55:26 UTC 2018


Bug: https://bugs.openjdk.java.net/browse/JDK-8204055
webrev: http://cr.openjdk.java.net/~dholmes/8204055/webrev/


The SEGV was introduced with the fuzzy matching flag logic refactoring 
in JDK-8198554. In:

double StringUtils::similarity(const char* str1, size_t len1, const
                                char* str2, size_t len2) {
   size_t total = len1 + len2;

   size_t hit = 0;
   for (size_t i = 0; i < len1 - 1; i++) {
     for (size_t j = 0; j < len2 - 1; j++) {
       if ((str1[i] == str2[j]) && (str1[i+1] == str2[j+1])) {
         ++hit;
         break;
       }
     }
   }

If len2 is zero (which it is in this case) we have passed it as an 
unsigned size_t, so len2-1 gives a massive positive value and so we 
enter the loop and try to access str2[n] for some n>0 and we get a SEGV.

The original code had:

- for (int j = 0; j < (int) len2 -1; ++j) {

so the huge positive value reverted to a small negative value and we 
don't enter the loop.

The fix applied is to check explicitly for lengths of zero.
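The two loop bounds and the zero-length guard, as an added stand-alone example (this is not the code from the webrev, and it does not touch the real HotSpot flag table). `unsigned_bound` and `signed_bound` show why `len - 1` on a `size_t` wraps to SIZE_MAX while `(int) len - 1` goes to -1; `similarity` reproduces the loop quoted above with the explicit zero-length check in front of it. The closing `return` (Dice coefficient over bigram hits), the `best_match` helper and the candidate names are assumptions of this example:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Loop bound as written in the refactored code: len - 1 on an unsigned size_t.
// For len == 0 this wraps to SIZE_MAX, so "j < bound" is true and the loop
// reads str[j] and str[j+1] well past the (empty) string.
size_t unsigned_bound(size_t len) {
  return len - 1;
}

// Loop bound as in the pre-refactoring code: (int) len - 1. For len == 0 this
// is -1, so "j < bound" is false on the first test and the body never runs.
int signed_bound(size_t len) {
  return (int) len - 1;
}

// Bigram-overlap similarity with the explicit zero-length check the fix
// describes. The loop body is the one quoted in the mail; the return
// expression (2*hits / total length) is an assumption of this example.
double similarity(const char* str1, size_t len1, const char* str2, size_t len2) {
  if (len1 == 0 || len2 == 0) {
    return 0.0;  // no bigram possible, and len - 1 would underflow below
  }
  size_t total = len1 + len2;
  size_t hit = 0;
  for (size_t i = 0; i < len1 - 1; i++) {
    for (size_t j = 0; j < len2 - 1; j++) {
      if ((str1[i] == str2[j]) && (str1[i+1] == str2[j+1])) {
        ++hit;
        break;  // count each bigram of str1 at most once
      }
    }
  }
  return 2.0 * (double) hit / (double) total;
}

// Hypothetical fuzzy matcher in the spirit of the -XX: option lookup: returns
// the candidate scoring highest against `query`, or "" when nothing scores
// above zero. An empty query (java -XX: with no name) must not crash here.
std::string best_match(const std::string& query, const std::vector<std::string>& candidates) {
  std::string best;
  double best_score = 0.0;
  for (const std::string& c : candidates) {
    double s = similarity(query.c_str(), query.size(), c.c_str(), c.size());
    if (s > best_score) {
      best_score = s;
      best = c;
    }
  }
  return best;
}

int main() {
  // Constructed candidate list, not HotSpot's real flag table.
  std::vector<std::string> flags = {"UseSerialGC", "UseParallelGC", "PrintGCDetails"};
  std::printf("unsigned_bound(0) = %zu, signed_bound(0) = %d\n",
              unsigned_bound(0), signed_bound(0));
  std::printf("best match for \"UseSerialG\": %s\n", best_match("UseSerialG", flags).c_str());
  std::printf("best match for \"\": \"%s\"\n", best_match("", flags).c_str());
  return 0;
}
```

The guard is placed before `total` is computed on purpose: the point of the fix is that no arithmetic on `len1 - 1` or `len2 - 1` happens for a zero length, so the unsigned wrap never occurs rather than being cancelled by a cast.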

Added missing test cases to:

test/hotspot/gtest/logging/test_logConfiguration.cpp
test/hotspot/jtreg/runtime/CommandLine/UnrecognizedVMOption.java

Verified they both crash before the fix.

Testing (in progress): tier1,2,3 per mach5 CI

Thanks,
David

