RFR(S): 8224853: CDS address sanitizer errors
Nick Gasson
nick.gasson at arm.com
Fri May 31 08:35:12 UTC 2019
Hi,
Please review this fix for an error building with --enable-asan on
AArch64 (I believe it also affects x86).
Bug: https://bugs.openjdk.java.net/browse/JDK-8224853
Webrev: http://cr.openjdk.java.net/~ngasson/8224853/webrev.0/
This error is reported in java_lang_Class::serialize_offsets:
=================================================================
==46583==ERROR: AddressSanitizer: global-buffer-overflow on address
0xffffb8864f60 at pc 0xffffb4c57474 bp 0xffffa0bfd420 sp 0xffffa0bfd438
READ of size 4 at 0xffffb8864f60 thread T7 (VM Thread)
#0 0xffffb4c57473 in WriteClosure::do_u4(unsigned int*)
/home/nicgas01/jdk/src/hotspot/share/memory/metaspaceShared.hpp:124
#1 0xffffb57d4bf7 in
java_lang_Class::serialize_offsets(SerializeClosure*)
/home/nicgas01/jdk/src/hotspot/share/classfile/javaClasses.cpp:1569
[...]
0xffffb8864f61 is located 0 bytes to the right of global variable
'offsets_computed' defined in
'/home/nicgas01/jdk/src/hotspot/share/classfile/javaClasses.cpp:1539:6'
(0xffffb8864f60) of size 1
The variable `offsets_computed' is a bool which we take the address of
and cast to a u4* then pass to WriteClosure::do_u4. But sizeof(bool) is
implementation defined and on AArch64 and x86_64 it is only one
byte. Currently this is harmless because offsets_computed is followed by
three bytes of padding before an int, but if someone added another bool
global variable immediately after offsets_computed we could get some
very obscure bugs.
This patch just loads offsets_computed into a u4 before calling
WriteClosure::do_u4. Also fixed the same issue for the serialisation of
`initialized'.
Thanks,
Nick
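The corrected pattern from the description above, as an added self-contained C++ sketch that is not the webrev's code: `SerializeClosure`, `WriteClosure` and `ReadClosure` here are minimal stand-ins for HotSpot's classes, and `serialize_bool` and `roundtrip_flags` are hypothetical helpers that copy each bool through a properly sized u4 temporary so `do_u4` never reads 4 bytes at the address of a 1-byte object.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

typedef uint32_t u4;

// Hypothetical stand-ins for HotSpot's SerializeClosure family: the write
// side appends raw u4 words to an archive buffer, the read side consumes them.
struct SerializeClosure {
  virtual ~SerializeClosure() {}
  virtual void do_u4(u4* p) = 0;
};

struct WriteClosure : SerializeClosure {
  std::vector<u4> archive;
  void do_u4(u4* p) override { archive.push_back(*p); }  // reads exactly 4 bytes at *p
};

struct ReadClosure : SerializeClosure {
  const std::vector<u4>* archive;
  size_t pos = 0;
  explicit ReadClosure(const std::vector<u4>* a) : archive(a) {}
  void do_u4(u4* p) override { *p = (*archive)[pos++]; }
};

// Safe pattern from the fix: never hand do_u4 the address of a bool
// (sizeof(bool) is implementation-defined, 1 byte on AArch64 and x86_64).
// Copy through a u4 temporary in both directions instead of casting.
static void serialize_bool(SerializeClosure* f, bool* flag, bool writing) {
  u4 tmp = *flag ? 1 : 0;
  f->do_u4(&tmp);           // the closure only ever touches 4 bytes we own
  if (!writing) *flag = (tmp != 0);
}

// Globals laid out like the risky case in the post: a second bool directly
// after the first, so a 4-byte read through the first would spill into it.
static bool offsets_computed = true;
static bool initialized = false;

// Write both flags, scrub them, read them back; true if restored intact.
bool roundtrip_flags(bool a, bool b) {
  offsets_computed = a; initialized = b;
  WriteClosure w;
  serialize_bool(&w, &offsets_computed, true);
  serialize_bool(&w, &initialized, true);
  offsets_computed = false; initialized = false;
  ReadClosure r(&w.archive);
  serialize_bool(&r, &offsets_computed, false);
  serialize_bool(&r, &initialized, false);
  return w.archive.size() == 2 && offsets_computed == a && initialized == b;
}
```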