RFR: JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true [v4]
Thomas Stuefe
stuefe at openjdk.java.net
Tue Mar 16 07:06:27 UTC 2021
On Tue, 16 Mar 2021 05:54:02 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> Looks good.
>
> Thanks @coleenp and @kimbarrett . However, as I feared, with the assert alone I now see it firing both in our nightlies at SAP and in the GAs in compiler tests.
>
> Which is cool in a way since this is the first time SonarCloud reported anything demonstrably real.:) I'll take a look at the crashes and modify the patch.
I changed the patch to provide the same semantics on passed old ptr == NULL as standard `free(3)` and `realloc(3)` have. Which is to ignore it (free) or to revert to malloc (realloc).
The culprit in this case - calling realloc with a NULL pointer - was aot, `ImplicitExceptionTable::append( uint exec_off, uint cont_off )`.
I considered fixing the caller, but I am used to the C-runtime semantics in free and realloc, and it looks like others are too; so this is the least surprising behavior for a realloc-like function.
Also, this fixes the subtle bug where, when passing NULL to Arealloc, we would return "false" to indicate that we have a lossful realloc. The only case I can see where the return value was actually used was in `SymbolTable::delete_symbol()` which would print something about leaked symbols in that case. I did not investigate whether this has any practical relevance.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2995
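To make the free(3)/realloc(3) convention discussed in the thread concrete, here is an added example (not code from the PR, from HotSpot, or from the author): a toy bump-pointer arena in C whose free and realloc adopt those semantics, with a zap-on-free flag standing in for ZapResourceArea. The names `arena_t`, `arena_free`, `arena_realloc`, `ZAP_BYTE` and the capacity are assumptions made for the illustration and do not correspond to HotSpot's Arena API. The point it shows is that the NULL check must precede the zap: with zapping enabled, the fill of the freed block is where a NULL old pointer would be dereferenced.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy bump-pointer arena (an illustration, not HotSpot's Arena). */
#define ARENA_CAPACITY 4096
#define ZAP_BYTE 0xAB           /* assumed fill pattern for freed memory */

typedef struct {
    unsigned char buf[ARENA_CAPACITY];
    size_t top;                 /* offset of the first unused byte */
    int zap_on_free;            /* plays the role of ZapResourceArea */
} arena_t;

static size_t align8(size_t n) { return (n + 7) & ~(size_t)7; }

static void arena_init(arena_t *a, int zap_on_free) {
    a->top = 0;
    a->zap_on_free = zap_on_free;
}

static void *arena_alloc(arena_t *a, size_t n) {
    n = align8(n);
    if (a->top + n > ARENA_CAPACITY) return NULL;
    void *p = a->buf + a->top;
    a->top += n;
    return p;
}

/* Is [p, p+n) the most recent allocation, i.e. the block at the top? */
static int is_top_block(const arena_t *a, const void *p, size_t n) {
    return (const unsigned char *)p + align8(n) == a->buf + a->top;
}

/* Free with free(3) semantics: NULL is ignored. The NULL check has to come
 * before the zap, because memset(NULL, ...) is exactly the dereference the
 * fast path would otherwise perform when zapping is enabled. */
static void arena_free(arena_t *a, void *p, size_t n) {
    if (p == NULL) return;
    n = align8(n);
    if (a->zap_on_free) memset(p, ZAP_BYTE, n);
    if (is_top_block(a, p, n)) a->top -= n;   /* fast path: roll back */
}

/* Realloc with realloc(3) semantics: a NULL old pointer is a plain allocation. */
static void *arena_realloc(arena_t *a, void *old, size_t old_n, size_t new_n) {
    if (old == NULL) return arena_alloc(a, new_n);
    old_n = align8(old_n);
    new_n = align8(new_n);
    if (new_n <= old_n) return old;                    /* shrink in place */
    if (is_top_block(a, old, old_n)) {                 /* grow in place */
        if (a->top + (new_n - old_n) > ARENA_CAPACITY) return NULL;
        a->top += new_n - old_n;
        return old;
    }
    void *p = arena_alloc(a, new_n);                   /* move */
    if (p == NULL) return NULL;
    memcpy(p, old, old_n);
    arena_free(a, old, old_n);                         /* zaps the stale copy */
    return p;
}

/* Exercise the NULL paths with zapping on; returns 1 when every check holds. */
static int check_null_semantics(void) {
    arena_t a;
    arena_init(&a, 1);

    arena_free(&a, NULL, 64);                          /* no-op, no crash */
    if (a.top != 0) return 0;

    unsigned char *p = arena_realloc(&a, NULL, 0, 16); /* behaves as alloc */
    if (p == NULL || a.top != 16) return 0;

    unsigned char *q = arena_realloc(&a, p, 16, 32);   /* top block: grows in place */
    if (q != p || a.top != 32) return 0;
    memset(q, 0x11, 32);

    if (arena_alloc(&a, 8) == NULL) return 0;          /* q is no longer the top */
    unsigned char *s = arena_realloc(&a, q, 32, 64);   /* must move; old copy zapped */
    if (s == q || s[0] != 0x11 || s[31] != 0x11 || q[0] != ZAP_BYTE) return 0;

    arena_free(&a, s, 64);                             /* top block: rolled back */
    return a.top == 40;
}

int main(void) {
    printf("%s\n", check_null_semantics() ? "null-pointer semantics hold" : "FAILED");
    return 0;
}
```

Dropping the `if (p == NULL) return;` line in `arena_free` and running with `zap_on_free` set reproduces the class of crash the thread describes: the zap runs before anything else looks at the pointer, so a caller that passes NULL, as the realloc-with-NULL caller did, faults inside the fill rather than in the arena bookkeeping.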
More information about the hotspot-runtime-dev mailing list