RFR: 8366062: [ubsan] add non-zero offset to nullptr in cds/archiveBuilder.cpp [v6]

Ioi Lam iklam at openjdk.org
Wed Oct 22 22:18:36 UTC 2025


On Tue, 21 Oct 2025 13:39:38 GMT, Afshin Zafari <azafari at openjdk.org> wrote:

>> The error for this is: 
>> 
>> ----------System.err:(41/4910)----------
>> TEST FAILED: Error processing option SharedBaseAddress with valid value '-server -XX:+UseG1GC -XX:+UnlockDiagnosticVMOptions -XX:SharedArchiveFile=TestOptionsWithRanges.jsa -Xshare:dump -XX:SharedBaseAddress=0'! JVM exited with unexpected error code = 134 [0x86]
>> stdout content[]
>> stderr content[/Users/afshin/scratch/8366062_ubsan_nullptr_plus_nz_offset/src/hotspot/share/cds/archiveBuilder.cpp:1036:61: runtime error: applying non-zero offset 3723624 to null pointer
>>     #0 0x10930c0a4 in ArchiveBuilder::offset_to_buffered_address(unsigned int) const archiveBuilder.cpp:1036
>>     #1 0x1095ce694 in RunTimeClassInfo::enum_klass_static_fields_addr() const runTimeClassInfo.hpp:163
>>     #2 0x10a9337b4 in RunTimeClassInfo::init(DumpTimeClassInfo&) runTimeClassInfo.cpp:75
>>     #3 0x10ab2af34 in CopySharedClassInfoToArchive::do_entry(InstanceKlass*, DumpTimeClassInfo&) systemDictionaryShared.cpp:1296
>>     #4 0x10ab2abb4 in void DumpTimeSharedClassTable::iterate_all_live_classes<void DumpTimeSharedClassTable::iterate_all_live_classes<CopySharedClassInfoToArchive>(CopySharedClassInfoToArchive*) const::'lambda'(InstanceKlass*, DumpTimeClassInfo&)>(CopySharedClassInfoToArchive) const::'lambda'(InstanceKlass*, DumpTimeClassInfo&)::operator()(InstanceKlass*, DumpTimeClassInfo&) const dumpTimeClassInfo.inline.hpp:51
>>     #5 0x10ab2a9f4 in void HashTableBase<FixedHashTableStorage<15889u, InstanceKlass*, DumpTimeClassInfo>, InstanceKlass*, DumpTimeClassInfo, (AnyObj::allocation_type)2, (MemTag)13, &unsigned int DumpTimeSharedClassTable_hash<InstanceKlass>(InstanceKlass* const&), &bool primitive_equals<InstanceKlass*>(InstanceKlass const&, InstanceKlass const&)>::iterate<void HashTableBase<FixedHashTableStorage<15889u, InstanceKlass*, DumpTimeClassInfo>, InstanceKlass*, DumpTimeClassInfo, (AnyObj::allocation_type)2, (MemTag)13, &unsigned int DumpTimeSharedClassTable_hash<InstanceKlass>(InstanceKlass* const&), &bool primitive_equals<InstanceKlass*>(InstanceKlass const&, InstanceKlass const&)>::iterate_all<void DumpTimeSharedClassTable::iterate_all_live_classes<void DumpTimeSharedClassTable::iterate_all_live_classes<CopySharedClassInfoToArchive>(InstanceKlass*) const::'lambda'(InstanceKlass*, DumpTimeClassInfo&)>(InstanceKlass) const::'lambda'(InstanceKlass*, DumpTimeClassInfo&)>(InstanceKlass) const::'lambda'(InstanceKlass*&, DumpTimeClassInfo&)>(InstanceKlass) const hashTable.hpp:273
>>     #6 0x...
>
> You may have already noticed that the root of all these UB complaints is the option `-XX:SharedBaseAddress` being zero, which is a corner case.

Sorry, my suggested fix had a typo:


  address ArchiveBuilder::offset_to_buffered_address(u4 offset) const {
-   address requested_addr = _requested_static_archive_bottom + offset;  
-   address buffered_addr = requested_addr - _buffer_to_requested_delta;
+   address buffered_addr = _buffer_bottom + offset;
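Review bot: the hunk as posted is incomplete; it removes the two-line derivation and adds `address buffered_addr = _buffer_bottom + offset;` but shows neither the `return` nor the closing brace, so whether `buffered_addr` is still returned unchanged cannot be confirmed from these lines. The new expression is equivalent to the removed one only under the invariant `_buffer_to_requested_delta == _requested_static_archive_bottom - _buffer_bottom` (which is what `buffered_addr = requested_addr - _buffer_to_requested_delta` implied); a one-line comment stating that next to the new expression would keep a future reader from reintroducing the requested-base derivation that UBSan flagged. Since the function now trusts `offset` relative to `_buffer_bottom` alone, an assert that `offset` stays within the dump buffer would also be worth adding.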


This way, this function will not depend on `-XX:SharedBaseAddress`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26983#discussion_r2453470972
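The following is an added example, not OpenJDK code and not part of this thread. It is a reduced model of the dump-time address bookkeeping that reuses the field names from the hunk above (`_buffer_bottom`, `_requested_static_archive_bottom`, `_buffer_to_requested_delta`) but is otherwise hypothetical: the buffer size, the offsets, the bound check and the helper functions are constructed for the demo. It shows why the original form performs pointer arithmetic on a null pointer when `-XX:SharedBaseAddress=0`, and that the suggested form yields the same address while never touching the requested base.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <vector>

using address = char*;
using u4 = uint32_t;

// Hypothetical reduced model of ArchiveBuilder's address bookkeeping.
// Only the three fields named in the hunk are modelled.
class ArchiveBuilderModel {
 public:
  ArchiveBuilderModel(size_t buffer_size, uintptr_t requested_base)
      : _storage(buffer_size, 0),
        _buffer_bottom(_storage.data()),
        _requested_static_archive_bottom(reinterpret_cast<address>(requested_base)),
        // delta = requested - buffered, computed on integers so a zero
        // requested base does not itself involve null-pointer arithmetic.
        _buffer_to_requested_delta(static_cast<intptr_t>(
            requested_base - reinterpret_cast<uintptr_t>(_buffer_bottom))) {}

  // Original form from the hunk adds `offset` to the *requested* base first.
  // With -XX:SharedBaseAddress=0 that base is null, so
  // `_requested_static_archive_bottom + offset` is pointer arithmetic on a
  // null pointer, which UBSan reports for any non-zero offset. Exposed here
  // only as a predicate so the demo never executes the UB itself.
  bool old_form_trips_ubsan(u4 offset) const {
    return _requested_static_archive_bottom == nullptr && offset != 0;
  }

  // The arithmetic of the original form carried out on uintptr_t instead of
  // pointers. Integer wrap-around is well defined, and because
  // delta == requested_base - buffer_bottom the result is buffer_bottom + offset.
  address old_form_as_integers(u4 offset) const {
    uintptr_t requested =
        reinterpret_cast<uintptr_t>(_requested_static_archive_bottom) + offset;
    uintptr_t buffered = requested - static_cast<uintptr_t>(_buffer_to_requested_delta);
    return reinterpret_cast<address>(buffered);
  }

  // Form suggested in the reply: derive the address from the buffer the archive
  // is actually being written into, never from the requested base. The two
  // asserts are additions for this demo, not part of the suggested patch.
  address offset_to_buffered_address(u4 offset) const {
    assert(_buffer_bottom != nullptr);
    assert(offset <= _storage.size());
    return _buffer_bottom + offset;
  }

  address buffer_bottom() const { return _buffer_bottom; }

 private:
  std::vector<char> _storage;                // constructed stand-in for the dump buffer
  address _buffer_bottom;
  address _requested_static_archive_bottom;  // null when SharedBaseAddress=0
  intptr_t _buffer_to_requested_delta;
};

// True when the integer rendering of the old form and the new form agree for
// every offset tried, and the new form is exactly buffer_bottom + offset.
bool forms_agree(uintptr_t requested_base) {
  ArchiveBuilderModel b(4096, requested_base);
  for (u4 off : {0u, 1u, 64u, 4096u}) {
    if (b.old_form_as_integers(off) != b.offset_to_buffered_address(off)) return false;
    if (b.offset_to_buffered_address(off) != b.buffer_bottom() + off) return false;
  }
  return true;
}

// The corner case from the thread: requested base of zero.
bool zero_base_trips_old_form() {
  ArchiveBuilderModel b(4096, 0);
  return b.old_form_trips_ubsan(1) && !b.old_form_trips_ubsan(0);
}

// A non-zero requested base never trips the old form.
bool nonzero_base_does_not_trip_old_form() {
  ArchiveBuilderModel b(4096, 0x80000000u);
  return !b.old_form_trips_ubsan(1);
}
```

Built with `-fsanitize=undefined`, the pointer version of the old form is what produces the "applying non-zero offset ... to null pointer" report quoted at the top of the thread. Rewriting that arithmetic on integers, as `old_form_as_integers` does, would also silence the sanitizer, but it keeps the dependency on the requested base; computing from `_buffer_bottom` removes both the UB and that dependency, which is the point of the suggested fix.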
