RFR: JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true [v4]
Thomas Stuefe
stuefe at openjdk.java.net
Wed Mar 17 05:29:06 UTC 2021
On Tue, 16 Mar 2021 07:03:02 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> Thanks @coleenp and @kimbarrett . However, as I feared, with the assert alone I now see it firing both in our nightlies at SAP and in the GAs in compiler tests.
>>
>> Which is cool in a way since this is the first time SonarCloud reported anything demonstrably real.:) I'll take a look at the crashes and modify the patch.
>
> I changed the patch to provide the same semantics on passed old ptr == NULL as standard `free(3)` and `realloc(3)` have. Which is to ignore it (free) or to revert to malloc (realloc).
>
> The culprit in this case - calling realloc with a NULL pointer - was aot, `ImplicitExceptionTable::append( uint exec_off, uint cont_off )`.
>
> I considered fixing the caller, but I am used to the C-runtime semantics in free and realloc, and it looks like others are too; so this is the least surprising behavior for a realloc-like function.
>
> Also, this fixes the subtle bug where, when passing NULL to Arealloc, we would return "false" to indicate that we have a lossful realloc. The only case I can see where the return value was actually used was in `SymbolTable::delete_symbol()` which would print something about leaked symbols in that case. I did not investigate whether this has any practical relevance.
Coleen, Kim, are you fine with this latest version? Thanks!
-------------
PR: https://git.openjdk.java.net/jdk/pull/2995
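The semantics discussed in the thread (free of NULL is a no-op, realloc of NULL degenerates to malloc, and a debug "zap freed memory" mode must check the pointer before writing through it) can be shown with a toy bump-pointer arena. The code below is an added example written for this page; it is not HotSpot's `Arena`, `Afree` or `Arealloc`, and the names `arena_t`, `arena_free`, `arena_realloc` and the `zap_on_free` flag (standing in for a ZapResourceArea-style debug switch) are constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bump-pointer arena (constructed for this example; not HotSpot's Arena). */
typedef struct {
    unsigned char *base;
    size_t capacity;
    size_t top;        /* offset of the first free byte */
    int zap_on_free;   /* debug mode: overwrite freed bytes, like a "zap" flag */
} arena_t;

#define ZAP_BYTE 0xAB

static size_t align_up(size_t n) { return (n + 7) & ~(size_t)7; }

static int arena_init(arena_t *a, size_t capacity) {
    a->base = (unsigned char *)malloc(capacity);
    a->capacity = capacity;
    a->top = 0;
    a->zap_on_free = 0;
    return a->base != NULL;
}

static void arena_destroy(arena_t *a) { free(a->base); a->base = NULL; }

static void *arena_alloc(arena_t *a, size_t n) {
    n = align_up(n);
    if (a->top + n > a->capacity) return NULL;
    void *p = a->base + a->top;
    a->top += n;
    return p;
}

/* free(3)-like: NULL is ignored. Fast path rewinds the top if the block was
 * the last allocation (returns 1); otherwise the bytes stay until destroy (0). */
static int arena_free(arena_t *a, void *p, size_t n) {
    if (p == NULL) return 0;   /* must come before the zap, or the zap writes through NULL */
    n = align_up(n);
    if (a->zap_on_free) memset(p, ZAP_BYTE, n);
    if ((unsigned char *)p + n == a->base + a->top) { a->top -= n; return 1; }
    return 0;
}

/* realloc(3)-like: a NULL old pointer behaves as a plain allocation.
 * Grows in place when the block is on top of the arena, otherwise copies. */
static void *arena_realloc(arena_t *a, void *old, size_t old_n, size_t new_n) {
    if (old == NULL) return arena_alloc(a, new_n);
    old_n = align_up(old_n);
    new_n = align_up(new_n);
    int on_top = (unsigned char *)old + old_n == a->base + a->top;
    if (new_n <= old_n) {                       /* shrink: trim in place */
        if (a->zap_on_free) memset((unsigned char *)old + new_n, ZAP_BYTE, old_n - new_n);
        if (on_top) a->top -= old_n - new_n;
        return old;
    }
    if (on_top) {                               /* grow in place */
        if (a->top + (new_n - old_n) > a->capacity) return NULL;
        a->top += new_n - old_n;
        return old;
    }
    void *p = arena_alloc(a, new_n);            /* grow by copy */
    if (p == NULL) return NULL;
    memcpy(p, old, old_n);
    arena_free(a, old, old_n);                  /* not on top: zapped, not rewound */
    return p;
}

/* Exercises the NULL paths with zapping enabled; returns 1 if every expectation holds. */
static int demo_null_semantics(void) {
    arena_t a;
    if (!arena_init(&a, 256)) return 0;
    a.zap_on_free = 1;
    int ok = 1;
    ok &= arena_free(&a, NULL, 16) == 0 && a.top == 0;          /* no crash, no change */
    char *p = (char *)arena_realloc(&a, NULL, 0, 10);           /* acts as alloc */
    ok &= p != NULL && a.top == 16;
    memcpy(p, "hello", 6);
    char *q = (char *)arena_realloc(&a, p, 10, 40);             /* top block: grows in place */
    ok &= q == p && a.top == 40 && memcmp(q, "hello", 6) == 0;
    char *r = (char *)arena_alloc(&a, 8);                       /* now q is no longer on top */
    ok &= r != NULL;
    char *s = (char *)arena_realloc(&a, q, 40, 64);             /* not top: copied, old zapped */
    ok &= s != q && memcmp(s, "hello", 6) == 0 && (unsigned char)q[0] == ZAP_BYTE;
    ok &= arena_free(&a, s, 64) == 1;                           /* top block: rewound */
    arena_destroy(&a);
    return ok;
}

int main(void) {
    printf("NULL semantics hold: %s\n", demo_null_semantics() ? "yes" : "no");
    return 0;
}
```

The order of the two statements at the top of `arena_free` is the whole point: with the NULL check first, a zapping debug build and a non-zapping build both treat `free(NULL)` the same way, which is the C-runtime behaviour the thread settles on.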
More information about the hotspot-runtime-dev mailing list