RFR: 8358706: Integer overflow with -XX:MinOopMapAllocation=-1
Casper Norrbin
cnorrbin at openjdk.org
Mon Dec 1 14:30:58 UTC 2025
On Mon, 1 Dec 2025 14:12:35 GMT, Paul Hübner <phubner at openjdk.org> wrote:
>> Hi everyone,
>>
>> Passing a negative value to `-XX:MinOopMapAllocation` could trigger an integer overflow. This value is used as the initial size for the `OopMap` `GrowableArray` list inside `OopMapSet`. Negative inputs hit an assert when allocating for `GrowableArray`. Restricting this flag to positive values ensures we get a clear error message instead of a crash.
>>
>> Testing:
>> - Oracle tier 1
>> - Local tests with `-XX:MinOopMapAllocation=x`, covering both valid and invalid values.
>
> src/hotspot/share/runtime/globals.hpp line 1674:
>
>> 1672: \
>> 1673: /* new oopmap storage allocation */ \
>> 1674: develop(intx, MinOopMapAllocation, 8, \
>
> Shouldn't we also make this an `int` while we're at it since a `GrowableArray`'s length is kept as an `int`?
Sure, I could change the type as well.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28576#discussion_r2577310164
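
The two points raised in this thread (rejecting negative values, and the mismatch between a wide flag type and an `int` length), as an added C++ example that is not part of the original messages and is not HotSpot code. The names `parse_capacity_flag`, `unchecked_narrow` and `FlagStatus`, and the accepted range of 1 to `INT_MAX`, are assumptions made for illustration.

```cpp
#include <cerrno>
#include <climits>
#include <cstdint>
#include <cstdlib>
#include <string>

// Hypothetical stand-ins for illustration only, not HotSpot's flag machinery.
enum class FlagStatus { Ok, Malformed, OutOfRange };

struct FlagResult {
    FlagStatus status;
    int value;  // only meaningful when status == Ok
};

// Validate the text after "-XX:SomeFlag=" for a flag that ends up as an
// int-sized container capacity. The range check is done on the wide parsed
// value, before any narrowing to int.
FlagResult parse_capacity_flag(const std::string& text, int min, int max) {
    errno = 0;
    char* end = nullptr;
    long long wide = std::strtoll(text.c_str(), &end, 10);
    if (text.empty() || *end != '\0') {
        return {FlagStatus::Malformed, 0};   // not a complete decimal number
    }
    if (errno == ERANGE || wide < min || wide > max) {
        return {FlagStatus::OutOfRange, 0};  // negative, zero, or too large
    }
    return {FlagStatus::Ok, static_cast<int>(wide)};
}

// What happens without the check when a 64-bit flag value is handed to an
// int length: the high bits are dropped and a different number comes out.
int unchecked_narrow(std::int64_t v) {
    return static_cast<int>(v);
}
```
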