RFR: 8366062: [ubsan] add non-zero offset to nullptr in cds/archiveBuilder.cpp [v6]

Afshin Zafari azafari at openjdk.org
Tue Oct 21 13:27:43 UTC 2025


On Mon, 20 Oct 2025 16:56:44 GMT, Ioi Lam <iklam at openjdk.org> wrote:

>> Afshin Zafari has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   fix after wrong merge.
>
> src/hotspot/share/cds/archiveBuilder.cpp line 1116:
> 
>> 1114:     // As zero is allowed for new_bottom, use integer arithmetic to avoid UB pointer arithmetic.
>> 1115:     address new_bottom = (address)((uintptr_t)bottom + _buffer_to_requested_delta);
>> 1116:     address new_top = (address)((uintptr_t)top + _buffer_to_requested_delta);
> 
> Have you seen an actual ubsan error in here?
> 
> `bottom` and `top` are never zeros, as they are from the actually allocated spaces in the output buffer.
> 
> `new_top` should never be zero as we don't archive zero-sized objects.
> 
> I think `new_bottom` will also never be zero as offset zero of the buffer does not contain a valid object, so we will never encode this location into an offset.

For this line, the UB is that a non-null ptr + non-zero offset becomes 0, as this output shows:

----------System.err:(32/2579)----------
TEST FAILED: Error processing option SharedBaseAddress with valid value '-server -XX:+UseG1GC -XX:+UnlockDiagnosticVMOptions -XX:SharedArchiveFile=TestOptionsWithRanges.jsa -Xshare:dump -XX:SharedBaseAddress=0'! JVM exited with unexpected error code = 134 [0x86]
stdout content[]
stderr content[/Users/afshin/scratch/8366062_ubsan_nullptr_plus_nz_offset/src/hotspot/share/cds/archiveBuilder.cpp:1104:43: runtime error: applying non-zero offset to non-null pointer 0x0003c0000000 produced null pointer
    #0 0x1076111f8 in RelocateBufferToRequested<true>::RelocateBufferToRequested(ArchiveBuilder*) archiveBuilder.cpp:1104
    #1 0x10760c67c in ArchiveBuilder::relocate_to_requested() archiveBuilder.cpp:1170
    #2 0x1075ec2a0 in AOTMetaspace::write_static_archive(ArchiveBuilder*, FileMapInfo*, ArchiveHeapInfo*) aotMetaspace.cpp:1084
    #3 0x1075eb120 in AOTMetaspace::dump_static_archive_impl(StaticArchiveBuilder&, JavaThread*) aotMetaspace.cpp:1067
    #4 0x1075ea4cc in AOTMetaspace::dump_static_archive(JavaThread*) aotMetaspace.cpp:850
    #5 0x108eb1820 in Threads::create_vm(JavaVMInitArgs*, bool*) threads.cpp:903
    #6 0x10847d40c in JNI_CreateJavaVM jni.cpp:3678
    #7 0x102403a00 in JavaMain java.c:494
    #8 0x10240a400 in ThreadJavaMain java_md_macosx.m:679
    #9 0x19387fbc4 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x6bc4)
    #10 0x19387ab7c in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1b7c)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/afshin/scratch/8366062_ubsan_nullptr_plus_nz_offset/src/hotspot/share/cds/archiveBuilder.cpp:1104:43 in 
]

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26983#discussion_r2448278581
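The relocation arithmetic the thread is discussing, as an added illustration that is not HotSpot code and not part of the review comment. It reproduces the reported situation with constructed inputs: the buffer address 0x3c0000000 from the sanitizer message and a requested base of 0 (-XX:SharedBaseAddress=0), so the relocated bottom lands on 0. The names buffer_base, requested_base, relocate_range and relocated_range_is_sane are assumptions for this example, and the pointer widths assume a 64-bit build.

```cpp
#include <cstdint>
#include <cstdio>

// Illustration only (not HotSpot code): relocate [bottom, top) from the
// dump-time output buffer to the requested load address using integer
// arithmetic, so that a result of 0 is an ordinary value rather than
// pointer arithmetic that UBSan reports as producing a null pointer.
typedef unsigned char* address;

struct RelocatedRange {
  uintptr_t bottom;
  uintptr_t top;
};

// Delta from the dump-time buffer to the requested base, as a signed
// integer. Computed in unsigned arithmetic first so a requested base below
// the buffer (e.g. 0) wraps instead of overflowing.
// buffer_base / requested_base are assumed names for this example.
static intptr_t buffer_to_requested_delta(uintptr_t buffer_base,
                                          uintptr_t requested_base) {
  return (intptr_t)(requested_base - buffer_base);
}

// Integer-arithmetic relocation. Converting a negative intptr_t to
// uintptr_t and adding is modular and well-defined, including when the
// sum is 0, which is exactly the case -XX:SharedBaseAddress=0 reaches.
static RelocatedRange relocate_range(address bottom, address top,
                                     intptr_t delta) {
  RelocatedRange r;
  r.bottom = (uintptr_t)bottom + (uintptr_t)delta;
  r.top    = (uintptr_t)top    + (uintptr_t)delta;
  return r;
}

// The pattern UBSan flags: the same offset applied via pointer arithmetic.
// Kept only for contrast; not called with inputs whose sum would be 0.
static address relocate_with_pointer_arith(address p, intptr_t delta) {
  return p + delta;
}

// Cheap consistency check a caller can apply after relocation: the range
// must not have wrapped around the address space (top stays >= bottom).
static bool relocated_range_is_sane(const RelocatedRange& r) {
  return r.top >= r.bottom;
}

int main() {
  // Constructed inputs: buffer at 0x3c0000000 (from the UBSan message),
  // one 4 KiB region inside it, requested base 0.
  const uintptr_t buffer_base    = 0x3c0000000ULL;
  const uintptr_t requested_base = 0;
  address bottom = (address)buffer_base;
  address top    = (address)(buffer_base + 0x1000);

  intptr_t delta = buffer_to_requested_delta(buffer_base, requested_base);
  RelocatedRange r = relocate_range(bottom, top, delta);
  std::printf("delta=%lld new_bottom=0x%llx new_top=0x%llx sane=%d\n",
              (long long)delta, (unsigned long long)r.bottom,
              (unsigned long long)r.top, (int)relocated_range_is_sane(r));

  // Pointer arithmetic is fine when the result is non-null; the UB case is
  // the one above, where bottom + delta == 0.
  address moved_top = relocate_with_pointer_arith(top, delta);
  std::printf("pointer-arith new_top=%p\n", (void*)moved_top);
  return 0;
}
```

Under UBSan, calling relocate_with_pointer_arith(bottom, delta) with these inputs is what produces the "applying non-zero offset to non-null pointer ... produced null pointer" report; relocate_range computes the same value without touching pointer arithmetic.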


More information about the hotspot-runtime-dev mailing list