8360664: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object() #26002
Conversation
|
👋 Welcome back asemenov! A progress list of the required criteria for merging this PR into |
|
@savoptik This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 72 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
openjdk
bot
changed the title
openjdk
bot
added
serviceability
Webrevs
|
|
/issue add 8360670 |
|
@savoptik |
…ap.cpp in IterateOverHeapObjectClosure::do_object() Found by Linux Verification Center (linuxtesting.org) with SVACE. signed-off-by: Artem Semenov <savoptik@altlinux.org>
savoptik
force-pushed
the
asemenov/JDK-8360664
branch
from
ee6a0ff to
e69c49c
Compare
|
@savoptik Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information. |
|
It's concerning that we don't have tests cases that uncover these bugs. Perhaps it's not actually possible for NULL to be passed when constructing CallbackWrapper. |
There was a problem hiding this comment.
I think this is a false positive from the static code analyzer. If we are iterating over the heap then the closure is only ever passed actual oops, so it can't be null.
At most I would add an assert, but generally my understanding is that the user of any closure has the responsibility of passing it valid input.
Adding asserts sounds like a good suggestion. |
|
I'm a little bit confused why we have twp bugs for this issue. |
It seems to me that this won’t be a big problem in this form. I’ve just moved the existing check higher up, where it will prevent dereferencing a null pointer. However, if you confirm that this is not acceptable, I will replace the check with assert. |
I think it is a matter of having the code accurately document the input requirements. Checking for null and returning makes it look like passing null is ok and might happen. That's not the case though. It should never happen and adding an assert properly documents this. |
|
|
||
| // invoked for each object in the heap | ||
| void IterateOverHeapObjectClosure::do_object(oop o) { | ||
| assert(o != nullptr, "Parameter 'o' must not be null!"); |
There was a problem hiding this comment.
| assert(o != nullptr, "Parameter 'o' must not be null!"); | |
| assert(o != nullptr, "Heap iteration should never produce null"); |
Same with the other assertion please. Though as @plummercj states I don't see how this will help with the static analysis tool.
There was a problem hiding this comment.
Same with the other assertion please. Though as @plummercj states I don't see how this will help with the static analysis tool.
done.
|
/summary |
|
@savoptik Setting summary to: |
|
Is it a specific requirement to create a separate bug for each complain? Normally, one bug for both has to be enough. One bug would be even enough for multiple complains in several files of the same development area. |
Thanks! |
TNX |
|
I'm suggesting to close JDK-8360670 as a dup of JDK-8360664. |
Ok. |
|
/issue remove 8360670 |
|
@savoptik |
|
@alexmenkov @plummercj @dholmes-ora do you mind the integration? |
|
I'm fine with the fix, the only question if it helps with the analysis tool. |
|
Same here. I just don't want to see the CR refiled if the analysis tool still complains. |
|
/integrate |
|
Going to push as commit e9a4341.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
5 participants
The defect has been detected and confirmed in the function
IterateOverHeapObjectClosure::do_object()located in the filesrc/hotspot/share/prims/jvmtiTagMap.cppwith static code analysis. This defect can potentially lead to a null pointer dereference.The pointer
oop ois passed to the constructor of the CallbackWrapper class, where it is dereferenced without a null check.Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/26002/head:pull/26002$ git checkout pull/26002Update a local copy of the PR:
$ git checkout pull/26002$ git pull https://git.openjdk.org/jdk.git pull/26002/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 26002View PR using the GUI difftool:
$ git pr show -t 26002Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/26002.diff
Using Webrev
Link to Webrev Comment