RFR: JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true

Kim Barrett kbarrett at openjdk.java.net
Sun Mar 14 19:24:08 UTC 2021


On Sun, 14 Mar 2021 06:09:26 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:

> Trivial.
> 
> Sonarcloud reports a possible NULL dereference when zapping the to-be-freed area in fast-path arena free. Possible call stack for this to happen starts in Node::destruct(PhaseValues* phase).

src/hotspot/share/memory/arena.hpp line 188:

> 186:   bool Afree(void *ptr, size_t size) {
> 187: #ifdef ASSERT
> 188:     if (ZapResourceArea && ptr != NULL) {

The pointer arithmetic on line 193 is UB if ptr is nullptr (though it's unlikely anyone checks), so either Afree has `ptr != nullptr` as an (unstated) precondition or there are potentially more problems than the memset.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2995
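A stand-in sketch of what the review comment is pointing at, added here and not code from the PR or from HotSpot's arena.hpp: a toy bump-pointer arena whose fast-path free rejects nullptr before the zapping memset and before the `(char*)ptr + size == _hwm` comparison, plus a check that nullptr, non-top and top-block frees behave as expected. ToyArena, kBadResourceValue, g_zapResourceArea and check_afree_behaviour are invented names.

```cpp
#include <cstddef>
#include <cstring>

// Illustration only, not HotSpot's arena.hpp: a minimal bump-pointer arena
// whose fast-path free has the shape of Arena::Afree, so the nullptr case
// raised in the review can be exercised. All names here are hypothetical.
static const unsigned char kBadResourceValue = 0xAB;  // stand-in zap byte
static bool g_zapResourceArea = true;                 // stand-in for ZapResourceArea

class ToyArena {
  unsigned char _buf[256];
  unsigned char* _hwm;  // high-water mark: first unused byte
public:
  ToyArena() : _hwm(_buf) {}
  size_t used() const { return static_cast<size_t>(_hwm - _buf); }
  void* Amalloc(size_t size) {
    if (size > sizeof(_buf) - used()) return nullptr;
    void* p = _hwm;
    _hwm += size;
    return p;
  }
  // Hardened fast-path free: reject nullptr before any pointer arithmetic,
  // so neither the zapping memset nor the "(char*)ptr + size == _hwm" test
  // is ever evaluated on a null pointer.
  bool Afree(void* ptr, size_t size) {
    if (ptr == nullptr) return false;
    if (g_zapResourceArea) {
      memset(ptr, kBadResourceValue, size);  // zap freed memory (debug aid)
    }
    unsigned char* p = static_cast<unsigned char*>(ptr);
    if (p + size == _hwm) {  // only the most recent allocation can be unwound
      _hwm = p;
      return true;
    }
    return false;            // not the top block: left in place until reset
  }
};

// True when: a nullptr free is a harmless no-op, a non-top free is refused
// but still zapped, and a top-block free zaps and rewinds the high-water mark.
bool check_afree_behaviour() {
  ToyArena a;
  unsigned char* x = static_cast<unsigned char*>(a.Amalloc(16));
  unsigned char* y = static_cast<unsigned char*>(a.Amalloc(8));
  if (a.Afree(nullptr, 8) || a.used() != 24) return false;
  if (a.Afree(x, 16) || a.used() != 24 || x[0] != kBadResourceValue) return false;
  if (!a.Afree(y, 8) || a.used() != 16 || y[0] != kBadResourceValue) return false;
  return true;
}
```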
