RFR: 8302218: CHeapBitMap::free frees with incorrect size

Ioi Lam iklam at openjdk.org
Mon May 22 16:32:55 UTC 2023


On Mon, 22 May 2023 12:04:58 GMT, Daohan Qu <duke at openjdk.org> wrote:

> This patch should fix [JDK-8302218](https://bugs.openjdk.org/browse/JDK-8302218).
> 
> In the destructor of `CHeapBitMap`, it invokes `free()` to free the allocated memory:
> https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.cpp#L133-L135
> 
> `free()`'s argument should be the size in words, according to:
> https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.cpp#L141-L143
> 
> But the destructor passes the return value of `size()` (which returns `_size`). It is the "size in bits" according to
> https://github.com/openjdk/jdk/blob/b3cb82b859d22b18343d125349a5aebc0afb8576/src/hotspot/share/utilities/bitMap.hpp#L63-L65
> 
> Instead, it should use the return value of `size_in_words()` to invoke `free()`.
> 
> Once the `ArrayAllocatorMallocLimit` option is set, `munmap()` may be used by `free()`, which does use the size argument, and this may cause a crash.
> 
> I have tested this patch for tiers 1-3 on x86-64 Linux.

> > I have filed https://bugs.openjdk.org/browse/JDK-8308575 for removing this flag.
> 
> Great, maybe I could also help with it. I don't use this flag in production myself.

Actually, there's already a bug filed for the same issue. See https://bugs.openjdk.org/browse/JDK-8299915 and https://github.com/openjdk/jdk/pull/11931

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14079#issuecomment-1557540812
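The unit mismatch described in the quoted PR text (a bit count handed to a release routine that expects a word count) can be made concrete with a small model. The code below is an added example, not HotSpot code: `TrackingAllocator` and `ModelBitMap` are hypothetical stand-ins that record the size each block was allocated with and report whether the size passed to `free()` matches, which is the property an `munmap()`-style release path depends on.

```cpp
// Added example (not HotSpot code): a minimal model of a heap bitmap whose
// _size is counted in bits while its storage is allocated in words.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <map>

typedef uintptr_t bm_word_t;
static const size_t BitsPerWord = sizeof(bm_word_t) * 8;

// Hypothetical allocator that remembers the word count of every block and
// reports whether free() was handed that same word count (the way a
// length-sensitive release path such as munmap() would require).
class TrackingAllocator {
 public:
  bm_word_t* allocate(size_t size_in_words) {
    size_t n = size_in_words ? size_in_words : 1;   // avoid calloc(0, ...)
    bm_word_t* p = static_cast<bm_word_t*>(std::calloc(n, sizeof(bm_word_t)));
    _sizes[p] = size_in_words;
    return p;
  }
  // Returns true only if size_in_words equals the size used at allocation.
  bool free(bm_word_t* p, size_t size_in_words) {
    std::map<bm_word_t*, size_t>::iterator it = _sizes.find(p);
    if (it == _sizes.end()) return false;             // unknown or double free
    bool matched = (it->second == size_in_words);
    _sizes.erase(it);
    std::free(p);
    return matched;
  }
 private:
  std::map<bm_word_t*, size_t> _sizes;
};

// Hypothetical bitmap model: size() is in bits, storage is in words.
class ModelBitMap {
 public:
  ModelBitMap(TrackingAllocator* alloc, size_t size_in_bits)
    : _alloc(alloc), _size(size_in_bits),
      _map(alloc->allocate(words_for(size_in_bits))) {}
  ~ModelBitMap() { if (_map != NULL) _alloc->free(_map, size_in_words()); }

  size_t size() const { return _size; }                    // bits
  size_t size_in_words() const { return words_for(_size); } // words
  static size_t words_for(size_t bits) { return (bits + BitsPerWord - 1) / BitsPerWord; }

  // Buggy release: passes the bit count where the allocator expects words.
  bool release_buggy() { return release(size()); }
  // Fixed release: passes the word count, matching the allocation.
  bool release_fixed() { return release(size_in_words()); }

 private:
  bool release(size_t n) {
    bool ok = _alloc->free(_map, n);
    _map = NULL;   // the destructor must not free again
    return ok;
  }
  TrackingAllocator* _alloc;
  size_t _size;
  bm_word_t* _map;
};

// Does releasing with size() (bits) hand the allocator the right length?
bool buggy_release_matches(size_t bits) {
  TrackingAllocator alloc;
  ModelBitMap bm(&alloc, bits);
  return bm.release_buggy();
}

// Does releasing with size_in_words() hand the allocator the right length?
bool fixed_release_matches(size_t bits) {
  TrackingAllocator alloc;
  ModelBitMap bm(&alloc, bits);
  return bm.release_fixed();
}

int main() {
  std::printf("1000-bit map, free(size()):          matched=%d\n", buggy_release_matches(1000));
  std::printf("1000-bit map, free(size_in_words()): matched=%d\n", fixed_release_matches(1000));
  std::printf("0-bit map, free(size()):             matched=%d\n", buggy_release_matches(0));
  return 0;
}
```

Note the zero-size case: with `_size == 0` both bit and word counts are 0, so the buggy path is silent there and only a non-empty bitmap exposes the mismatch; a plain `malloc`/`free` path that ignores the length hides it too, which is why the quoted report ties the crash to the `munmap()` path.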

