RFR: JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true [v5]

Thomas Stuefe stuefe at openjdk.java.net
Fri Mar 19 16:50:53 UTC 2021


On Thu, 18 Mar 2021 04:44:13 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:

>> src/hotspot/share/memory/arena.cpp line 369:
>> 
>>> 367: void *Arena::Arealloc(void* old_ptr, size_t old_size, size_t new_size, AllocFailType alloc_failmode) {
>>> 368:   if (new_size == 0) return NULL;
>>> 369:   if (old_ptr == NULL) {
>> 
>> If we're being consistent with realloc, probably should test this first, then for new_size == 0 (-> Afree, see above), then the rest.
>
> You are right, I thought so too. I would prefer to handle it as I wrote above (size==0 -> size=1).
> 
> (side note, I would love to rewrite the arena coding; either that or throw it away and reuse the existing Metaspace implementation instead for Arenas/RA. Metaspaces are Arenas too, they do the same thing, but Metaspace is a lot more evolved, and I am biased toward its code quality oc :)

I fixed this by calling Afree in case new_size is 0. Note that Afree is a noop if the pointer is NULL.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2995
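The NULL-pointer and size-zero cases discussed in this thread, as an added C example that is not HotSpot's Arena code: a toy single-chunk bump arena with hypothetical names (arena_malloc, arena_free, arena_realloc; the zap_on_free flag stands in for ZapResourceArea, and the 0xAB zap byte, 8-byte alignment and 4 KiB capacity are arbitrary assumptions). arena_realloc follows the order described in the message above: new_size == 0 frees the old block and returns NULL, and the free is a no-op on a NULL pointer, so a NULL old_ptr with size zero cannot be dereferenced even with zapping enabled; a NULL old_ptr with a non-zero size behaves like malloc, as C's realloc does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical single-chunk bump arena, added for illustration only. */
#define ARENA_CAP 4096          /* assumed capacity */
#define ZAP_BYTE  0xAB          /* assumed fill pattern for freed memory */

typedef struct {
    unsigned char buf[ARENA_CAP];
    size_t hwm;                 /* high-water mark: offset of the next free byte */
    bool   zap_on_free;         /* stands in for ZapResourceArea */
} Arena;

static void arena_init(Arena *a, bool zap) { a->hwm = 0; a->zap_on_free = zap; }

/* Round every request up to 8 bytes; a zero-size request gets a minimal block. */
static size_t align_up(size_t n) { return ((n ? n : 1) + 7) & ~(size_t)7; }

void *arena_malloc(Arena *a, size_t size) {
    size = align_up(size);
    if (a->hwm + size > ARENA_CAP) return NULL;
    void *p = a->buf + a->hwm;
    a->hwm += size;
    return p;
}

/* Fast-path free: only the most recent allocation is actually reclaimed.
 * NULL is checked BEFORE the zapping memset, so a NULL pointer is a no-op
 * instead of a NULL dereference when zapping is enabled. */
void arena_free(Arena *a, void *ptr, size_t size) {
    if (ptr == NULL) return;
    size = align_up(size);
    if (a->zap_on_free) memset(ptr, ZAP_BYTE, size);
    if ((unsigned char *)ptr + size == a->buf + a->hwm) a->hwm -= size;
}

void *arena_realloc(Arena *a, void *old_ptr, size_t old_size, size_t new_size) {
    if (new_size == 0) {                 /* realloc(p, 0): free p; safe for p == NULL */
        arena_free(a, old_ptr, old_size);
        return NULL;
    }
    if (old_ptr == NULL) return arena_malloc(a, new_size);   /* realloc(NULL, n) == malloc(n) */

    old_size = align_up(old_size);
    size_t new_al = align_up(new_size);
    unsigned char *old = (unsigned char *)old_ptr;

    if (old + old_size == a->buf + a->hwm) {      /* top block: resize in place */
        if (old + new_al > a->buf + ARENA_CAP) return NULL;
        a->hwm = (size_t)(old - a->buf) + new_al;
        return old_ptr;
    }
    if (new_al <= old_size) return old_ptr;       /* shrinking a buried block: keep it */
    void *p = arena_malloc(a, new_size);          /* otherwise copy to a fresh block */
    if (p) memcpy(p, old_ptr, old_size);
    return p;
}

/* Exercises the edge cases; returns 1 on success, 0 on the first failed check. */
int arena_selftest(void) {
    Arena a;
    arena_init(&a, true);                                      /* zapping on */
    unsigned char *p = arena_realloc(&a, NULL, 0, 16);         /* acts as malloc(16) */
    if (p == NULL || a.hwm != 16) return 0;
    memset(p, 0x11, 16);
    unsigned char *q = arena_realloc(&a, p, 16, 32);           /* top block grows in place */
    if (q != p || a.hwm != 32) return 0;
    if (arena_malloc(&a, 8) == NULL || a.hwm != 40) return 0;  /* bury q */
    unsigned char *s = arena_realloc(&a, q, 32, 48);           /* buried block is copied */
    if (s == NULL || s == q || s[0] != 0x11 || a.hwm != 88) return 0;
    if (arena_realloc(&a, s, 48, 0) != NULL) return 0;         /* size 0 frees the top block */
    if (a.hwm != 40 || s[0] != ZAP_BYTE) return 0;             /* reclaimed and zapped */
    arena_free(&a, NULL, 64);                                  /* NULL free: no-op, no crash */
    if (a.hwm != 40) return 0;
    if (arena_realloc(&a, NULL, 0, 0) != NULL || a.hwm != 40) return 0;  /* NULL + size 0 */
    return 1;
}

int main(void) {
    printf("arena_selftest: %s\n", arena_selftest() ? "ok" : "FAILED");
    return arena_selftest() ? 0 : 1;
}
```

The point of the ordering in arena_free is the one the PR title is about: any zapping or bookkeeping that touches the block has to come after the NULL check, otherwise the size-zero path of realloc, which legitimately passes NULL through, becomes the crash path when zapping is switched on.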

