RFR: 8374343: Fix SIGSEGV when lib/modules is unreadable

[Boris Ulasevich]

On Wed, 24 Dec 2025 16:06:30 GMT, Boris Ulasevich <bulasevich at openjdk.org> wrote:

> The JVM crashes with a SIGSEGV during startup if the runtime image (lib/modules) exists but is unreadable. In this scenario, ClassLoader::get_jrt_entry() returns nullptr, leading to a crash. This change adds a null check to avoid the dereference and bail out gracefully.

> > if the runtime image (lib/modules) exists but is unreadable.
> 
> AOT aside, does this scenario cause problems elsewhere? The JDK has to work with both images and interim exploded builds. I'm wondering if other parts of the runtime will assume an exploded build (and fail) if lib/modules is not accessile.

> The JDK has to work with both images and interim exploded builds. I'm wondering if other parts of the runtime will assume an exploded build (and fail) if lib/modules is not accessile.

The change is fail-fast: when lib/modules exists but is unreadable, we now report a clear error and exit cleanly instead of crashing:
``` $ ./build/macosx-aarch64-server-release/images/jdk/bin/java
 [0.032s][warning][class,path] Runtime image (modules) is unreadable or missing - validation failed
 Error occurred during initialization of VM
 java/lang/NoClassDefFoundError: java/lang/Object


I checked also the interim exploded build case. With broken permissions on lib/modules, there is no SIGSEGV or undefined behavior; the runtime reports an error and exits cleanly.

Let me know if you have a concrete failure scenario in mind. I will check it.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28982#issuecomment-3691652229