Skip to content

Fix ASan heap-buffer-overflow in signal handlers #337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jbachorik merged 1 commit into from
Jan 23, 2026
Merged

Fix ASan heap-buffer-overflow in signal handlers #337

jbachorik merged 1 commit into from
Jan 23, 2026
+7 −6

Conversation

@jbachorik
Copy link
Collaborator

@jbachorik jbachorik commented Jan 21, 2026
edited
Loading

What does this PR do?:

Use SafeAccess for signal-handler memory reads in vmStructs.h to prevent crashes when reading from partially initialized thread structures during GC worker thread creation.

Motivation:

Fixes ASan heap-buffer-overflow errors in CI where the CTimer signal handler was delivering signals to newly created GC worker threads before their VMThread structure was fully initialized. The TLS pointer returned a valid address but offset calculations resulted in reading memory before the allocated region ("72 bytes to the left").

Additional Notes:

While doing this change I took a sweep on other signal-handler-accessible methods where SafeAccess makes sense:

  • VMThread::state() - Uses SafeAccess::load32()
  • VMThread::inDeopt() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaSP() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaFP() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaPC() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::fromEntryFrame() - Uses SafeAccess::loadPtr()

How to test the change?:

For Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles
    credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.

🤖 Generated with Claude Code

@jbachorik @claude
Use SafeAccess for signal-handler memory reads in vmStructs.h
54a4f9a 
Protect methods called from signal handlers against partially
initialized thread structures during GC worker thread creation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@jbachorik jbachorik added the AI label Jan 21, 2026
@dd-octo-sts
Copy link

dd-octo-sts bot commented Jan 21, 2026

Scan-Build Report

User:runner@runnervmmtnos
Working Directory:/home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line:make -j4 clean all
Clang Version:Ubuntu clang version 18.1.3 (1ubuntu1)
Date:Wed Jan 21 18:50:35 2026

Bug Summary

Bug TypeQuantityDisplay?
All Bugs10
Unused code
Dead assignment2
Dead initialization7
Dead nested assignment1

Reports

Bug Group Bug Type ▾ File Function/Method Line Path Length
Unused codeDead assignmentlibraryPatcher_linux.cpppatch_library_unlocked931
Unused codeDead assignmentstackWalker.cppwalkVM5511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_JavaProfiler_getStatus01191
Unused codeDead initializationprofiler.cpprunInternal16441
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6581
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6911
Unused codeDead initializationflightRecorder.cppresolveMethod3511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_OTelContext_setProcessCtx04751
Unused codeDead initializationvmStructs_dd.cppinitOffsets561
Unused codeDead nested assignmentvmStructs_dd.cppcheckNativeBinding3881

@jbachorik jbachorik marked this pull request as ready for review January 21, 2026 19:10
@jbachorik jbachorik requested a review from a team as a code owner January 21, 2026 19:10
@dd-octo-sts
Copy link

dd-octo-sts bot commented Jan 21, 2026

Scan-Build Report

User:runner@runnervmmtnos
Working Directory:/home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line:make -j4 clean all
Clang Version:Ubuntu clang version 18.1.3 (1ubuntu1)
Date:Wed Jan 21 19:22:20 2026

Bug Summary

Bug TypeQuantityDisplay?
All Bugs10
Unused code
Dead assignment2
Dead initialization7
Dead nested assignment1

Reports

Bug Group Bug Type ▾ File Function/Method Line Path Length
Unused codeDead assignmentlibraryPatcher_linux.cpppatch_library_unlocked931
Unused codeDead assignmentstackWalker.cppwalkVM5511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_JavaProfiler_getStatus01191
Unused codeDead initializationprofiler.cpprunInternal16441
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6581
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6911
Unused codeDead initializationflightRecorder.cppresolveMethod3511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_OTelContext_setProcessCtx04751
Unused codeDead initializationvmStructs_dd.cppinitOffsets561
Unused codeDead nested assignmentvmStructs_dd.cppcheckNativeBinding3881

@dd-octo-sts
Copy link

dd-octo-sts bot commented Jan 21, 2026

Scan-Build Report

User:runner@runnervmmtnos
Working Directory:/home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line:make -j4 clean all
Clang Version:Ubuntu clang version 18.1.3 (1ubuntu1)
Date:Wed Jan 21 19:46:58 2026

Bug Summary

Bug TypeQuantityDisplay?
All Bugs10
Unused code
Dead assignment2
Dead initialization7
Dead nested assignment1

Reports

Bug Group Bug Type ▾ File Function/Method Line Path Length
Unused codeDead assignmentlibraryPatcher_linux.cpppatch_library_unlocked931
Unused codeDead assignmentstackWalker.cppwalkVM5511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_JavaProfiler_getStatus01191
Unused codeDead initializationprofiler.cpprunInternal16441
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6581
Unused codeDead initializationflightRecorder.cppcleanupUnreferencedMethods6911
Unused codeDead initializationflightRecorder.cppresolveMethod3511
Unused codeDead initializationjavaApi.cppJava_com_datadoghq_profiler_OTelContext_setProcessCtx04751
Unused codeDead initializationvmStructs_dd.cppinitOffsets561
Unused codeDead nested assignmentvmStructs_dd.cppcheckNativeBinding3881

r1viollet
r1viollet approved these changes Jan 22, 2026
View reviewed changes
Copy link
Contributor

@r1viollet r1viollet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jbachorik jbachorik merged commit 7fad21b into main Jan 23, 2026
365 of 368 checks passed
@jbachorik jbachorik deleted the jb/asan branch January 23, 2026 08:39
@github-actions github-actions bot added this to the 1.37.0 milestone Jan 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rkennke rkennke rkennke approved these changes

@r1viollet r1viollet r1viollet approved these changes

Assignees

No one assigned

Labels

AI

Projects

None yet

Milestone

1.37.0

Development

Successfully merging this pull request may close these issues.

4 participants

@jbachorik @rkennke @r1viollet