RFR: 8374343: Fix SIGSEGV when lib/modules is unreadable

Ioi Lam iklam at openjdk.org
Wed Jan 14 06:21:42 UTC 2026 

On Wed, 24 Dec 2025 16:06:30 GMT, Boris Ulasevich <bulasevich at openjdk.org> wrote:

> The JVM crashes with a SIGSEGV during startup if the runtime image (lib/modules) exists but is unreadable. In this scenario, ClassLoader::get_jrt_entry() returns nullptr, leading to a crash. This change adds a null check to avoid the dereference and bail out gracefully.

I agree with David's earlier comment. We must limit the amount of system integrity checks. Otherwise, we would need to propagate the failure. So what do we do with this function that calls `ClassLoader::get_jrt_entry()`:

https://github.com/openjdk/jdk/blob/b082a390b77fca7134000bfe631f73bfd082bfa1/src/hotspot/share/cds/aotClassLocation.cpp#L453-L458

Do we need to change it to return a boolean to indicate some sort of failure, or do we need to throw a HotSpot exception? In either way, the callers of this function will be affected and soon every function will need to return a boolean or be declared TRAPS.

In HotSpot, we do the system integrity checks early and exit the VM on failures. For example, we already exit the VM if the modules file is removed from `JAVA_HOME`:


$ cd images/jdk/lib
$ mv modules modules.old
$ ../bin/java 
Error occurred during initialization of VM
Failed setting boot class path.


The same should be done if the modules file is expected to exist but cannot be opened:


--- a/src/hotspot/share/classfile/classLoader.cpp
+++ b/src/hotspot/share/classfile/classLoader.cpp
@@ -1418,6 +1418,10 @@ char* ClassLoader::lookup_vm_options() {
   jio_snprintf(modules_path, JVM_MAXPATHLEN, "%s%slib%smodules", Arguments::get_java_home(), fileSep, fileSep);
   JImage_file =(*JImageOpen)(modules_path, &error);
   if (JImage_file == nullptr) {
+    if (Arguments::has_jimage()) {
+      // The modules file exists but is unreadable or corrupt
+      vm_exit_during_initialization(err_msg("Unable to load %s", modules_path));
+    }
     return nullptr;
   }

-------------

Changes requested by iklam (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28982#pullrequestreview-3659042986

More information about the hotspot-runtime-dev mailing list