RFR: 8302218: CHeapBitMap::free frees with incorrect size

Ioi Lam iklam at openjdk.org
Mon May 22 16:09:50 UTC 2023


On Mon, 22 May 2023 13:56:37 GMT, Daohan Qu <duke at openjdk.org> wrote:

>> Fix looks good. 
>> 
>> Wonder if there is any value in adding a test which lowers ArrayAllocatorMallocLimit to verify that this is working, and that the bug is not reintroduced.
>
> Thanks for your review @xmas92.
> 
>> Wonder if there is any value in adding a test which lowers ArrayAllocatorMallocLimit to verify that this is working, and that the bug is not reintroduced.
> 
> IMHO, exploiting this bug to crack the VM is a little bit hard. This bug may cause a crash because:
> 
> 1. `size_in_bits` is larger than `size_in_words`, which causes `munmap` to unmap more memory regions than what is wanted
> 2. and following execution may accidentally touch the unmapped regions (this could be hard to trigger)
> 
> I think this is a bug that may cause crashes unexpectedly someday and needs to be fixed.

@quadhier Do you actually use `ArrayAllocatorMallocLimit` in production? According to comments when this flag was added, it was intended for Solaris only, and the flag has remained an experimental option for the past 10 years.

I have filed https://bugs.openjdk.org/browse/JDK-8308575 for removing this flag.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14079#issuecomment-1557500586
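The unit mismatch the thread describes (a bitmap whose storage is allocated in words but whose free path is handed the bit count), as an added illustration that is not HotSpot's CHeapBitMap code nor the code from this PR. Instead of calling munmap, which would silently unmap whatever happens to follow the region, a small tracking allocator records the byte length of each live block and rejects a release whose length does not match. All names here (TrackingAllocator, words_for_bits, free_buggy, free_fixed, bytes_freed_*) are hypothetical, and the word size is assumed to be 64 bits.

```cpp
// Added illustration of the bits-vs-words free-size mismatch. Hypothetical code,
// not HotSpot's CHeapBitMap; names and the 64-bit word are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <map>

typedef uint64_t bm_word_t;
static const size_t BitsPerWord = sizeof(bm_word_t) * 8;

// Number of words needed to hold size_in_bits bits, rounding up.
static inline size_t words_for_bits(size_t size_in_bits) {
  return (size_in_bits + BitsPerWord - 1) / BitsPerWord;
}

// Toy allocator that remembers how many bytes each live block has, so a
// release with the wrong length is caught instead of reaching past the block
// (the way a too-large munmap length would reach into neighbouring mappings).
class TrackingAllocator {
  std::map<void*, size_t> live_;
public:
  bm_word_t* allocate(size_t size_in_words) {
    void* p = std::calloc(size_in_words, sizeof(bm_word_t));
    live_[p] = size_in_words * sizeof(bm_word_t);
    return static_cast<bm_word_t*>(p);
  }
  // Frees the block only if the caller's word count matches the allocation;
  // returns false (and frees nothing) on an unknown pointer or a length mismatch.
  bool release(bm_word_t* p, size_t size_in_words) {
    std::map<void*, size_t>::iterator it = live_.find(p);
    if (it == live_.end()) return false;
    if (size_in_words * sizeof(bm_word_t) != it->second) return false;
    std::free(p);
    live_.erase(it);
    return true;
  }
  size_t live_count() const { return live_.size(); }
};

// Buggy free path: passes the bit count where the allocator expects a word
// count, so the length handed to the deallocator is BitsPerWord times too large.
bool free_buggy(TrackingAllocator& a, bm_word_t* map, size_t size_in_bits) {
  return a.release(map, size_in_bits);
}

// Fixed free path: converts bits back to words, matching what allocate() got.
bool free_fixed(TrackingAllocator& a, bm_word_t* map, size_t size_in_bits) {
  return a.release(map, words_for_bits(size_in_bits));
}

// Byte length each path would hand to the deallocator for a bitmap of n bits.
size_t bytes_freed_buggy(size_t size_in_bits) {
  return size_in_bits * sizeof(bm_word_t);
}
size_t bytes_freed_fixed(size_t size_in_bits) {
  return words_for_bits(size_in_bits) * sizeof(bm_word_t);
}

int main() {
  const size_t bits = 1000;  // constructed sample size: 16 words, 128 bytes
  TrackingAllocator a;
  bm_word_t* map = a.allocate(words_for_bits(bits));
  std::printf("allocated %zu bytes; buggy free would pass %zu, fixed passes %zu\n",
              bytes_freed_fixed(bits), bytes_freed_buggy(bits), bytes_freed_fixed(bits));
  std::printf("buggy free accepted: %s\n", free_buggy(a, map, bits) ? "yes" : "no");
  std::printf("fixed free accepted: %s\n", free_fixed(a, map, bits) ? "yes" : "no");
  return a.live_count() == 0 ? 0 : 1;
}
```

The length check in release() is what makes the mismatch visible immediately; a real mmap-backed allocator has no such check, which is why an oversized munmap length only shows up later, if and when something touches the memory that was unmapped alongside the bitmap.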


More information about the hotspot-runtime-dev mailing list