RFR: 8365526: Crash with null Symbol passed to SystemDictionary::resolve_or_null [v5]

Johan Sjölen jsjolen at openjdk.org
Mon Nov 24 19:35:56 UTC 2025


On Mon, 24 Nov 2025 18:40:22 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:

>> The VM was crashing because the constant pool couldn't find the resolution error in the ResolutionErrorEntry error field.
>> 
>> There are two uses of ResolutionErrorEntry in the ResolutionErrorTable. The key to this table is {ConstantPool, cp-index}. In this crash, multiple threads were racing to record nest_host_errors in the case where resolution failed. In this case, there was already a ResolutionErrorEntry in the table for the constant pool resolution failure. In the 'if' case of add_nest_host_error we check to see if there's already a nest_host_error assuming it's the same error, then the 'else' case was unconditionally adding a ResolutionErrorEntry with just the nest host message. Calling HashTable::put() with this entry with just the nest host message was overwriting the entry with the constant pool resolution error, i.e. the other fields. The crash happened in ConstantPool::throw_resolution_error() because the error field was overwritten (and leaked too).
>> 
>> Add a null check before calling ResolutionErrorEntry add entry.  Also added an assert that we only add a resolution error for nest host errors in the case of success since in the case of failure there will always already be a ResolutionErrorEntry for the failing constant pool and cp index and we don't want to overwrite that again.
>> 
>> Tested with submitted reproducer and tier1-4.
>
> Coleen Phillimore has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Use put_when_absent and add an assert that the message is the same.

The bug fix seems good, but it seems like this code leaks?

src/hotspot/share/classfile/resolutionErrors.cpp line 76:

> 74:   ResolutionErrorKey key(pool(), cp_index);
> 75:   ResolutionErrorEntry *entry = new ResolutionErrorEntry(error, message, cause, cause_msg);
> 76:   _resolution_error_table->put(key, entry);

This is surely leaking the ResolutionErrorEntry if the key is already present?

src/hotspot/share/classfile/resolutionErrors.cpp line 88:

> 86:   ResolutionErrorKey key(pool(), cp_index);
> 87:   ResolutionErrorEntry *entry = new ResolutionErrorEntry(message);
> 88:   _resolution_error_table->put(key, entry);

Same leak here

-------------

PR Review: https://git.openjdk.org/jdk/pull/28438#pullrequestreview-3501943559
PR Review Comment: https://git.openjdk.org/jdk/pull/28438#discussion_r2557489835
PR Review Comment: https://git.openjdk.org/jdk/pull/28438#discussion_r2557490448
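
The overwrite-and-leak pattern discussed in this thread, as an added C++ sketch that is not HotSpot code and not part of the original message. `Entry`, `Table` and `record_both` are hypothetical stand-ins, and the table's `put` is assumed to replace an existing value without freeing it.

```cpp
#include <string>
#include <unordered_map>
#include <utility>

static int live_entries = 0;  // live Entry objects, so a leak is observable

// Hypothetical stand-in for ResolutionErrorEntry (not the HotSpot class).
struct Entry {
    std::string error;      // constant pool resolution error, empty if none
    std::string nest_host;  // nest host error message, empty if none
    Entry(const std::string& e, const std::string& n) : error(e), nest_host(n) { ++live_entries; }
    ~Entry() { --live_entries; }
};

// Hypothetical table keyed by cp_index alone; it deletes only what it still points to.
struct Table {
    std::unordered_map<int, Entry*> map;
    void put(int key, Entry* e) { map[key] = e; }  // overwrites; the old pointer is dropped
    Entry* find(int key) {
        auto it = map.find(key);
        return it == map.end() ? nullptr : it->second;
    }
    ~Table() { for (auto& kv : map) delete kv.second; }
};

// Records a resolution error, then a nest host error, under the same key.
// Returns {error field read back afterwards, Entry objects leaked}.
std::pair<std::string, int> record_both(bool check_first) {
    int before = live_entries;
    std::string seen;
    Entry* first = new Entry("LinkageError", "");  // constructed sample value
    {
        Table t;
        t.put(7, first);
        Entry* e = check_first ? t.find(7) : nullptr;
        if (e == nullptr) t.put(7, new Entry("", "nest host error"));  // unconditional put
        else if (e->nest_host.empty()) e->nest_host = "nest host error";  // update in place
        seen = t.find(7)->error;
    }  // the Table destructor frees only the entry it still references
    int leaked = live_entries - before;
    if (leaked > 0) delete first;  // reclaim the orphan so the demo itself stays clean
    return std::make_pair(seen, leaked);
}

int main() {
    std::pair<std::string, int> bad = record_both(false), good = record_both(true);
    return (bad.second == 1 && good.second == 0) ? 0 : 1;
}
```

With the unconditional put, the error field reads back empty and one entry is orphaned; with the lookup first, the original error survives and nothing is orphaned.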

