JDK-4153825

VM crash when len argument of ClassLoader.defineClass() is negative.

    • 1.2fcs
    • sparc
    • solaris_2.4
    • Verified



      Name: akC45999 Date: 07/01/98



      The attached test shows that a negative value of the len argument in an invocation of the method
      ClassLoader.defineClass(String name, byte[] b, int off, int len) leads to a VM crash.
      This effect is observed only in the case of a pretty large negative value of len.

      --------------------------------- userDefined00403.java

      public class userDefined00403 {

        public static void main(String argv[]) {
          KlassLoader klassLoader = new KlassLoader();
          klassLoader.testMethod();
        }
      }

      ----------------------------------

      class KlassLoader extends ClassLoader {

        void testMethod() {
          byte data[] = new byte[0];
          defineClass("", data, 0, -10000);
        }
      }

      ------------------------------------- dotest

      #!/bin/sh
      TESTCLASSES=/opt/home/testclasses
      CLASSPATH=$TESTCLASSES
      export CLASSPATH

      javac -d $TESTCLASSES userDefined00403.java
      java -verify userDefined00403;
      echo res=$?

      ----------------------------------------
      Running the test:

      novo48% dotest
      SIGSEGV 11* segmentation violation
          si_signo [11]: SIGSEGV 11* segmentation violation
          si_errno [0]: Error 0
          si_code [1]: SEGV_MAPERR [addr: 0x183218]

      stackpointer=EFFFF244

      Full thread dump:
          "Finalizer" (TID:0xebc994e0, sys_thread_t:0x5c958, state:CW) prio=8
      at java.lang.Object.wait(Native Method)
      at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:113)
      at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:128)
      at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:128)
          "Reference Handler" (TID:0xebc99570, sys_thread_t:0x74c00, state:CW) prio=10
      at java.lang.Object.wait(Native Method)
      at java.lang.Object.wait(Object.java:303)
      at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:209)
          "Signal dispatcher" (TID:0xebc995a8, sys_thread_t:0x66168, state:CW) prio=10
          "main" (TID:0xebc99408, sys_thread_t:0x28590, state:R) prio=5 *current thread*
      at java.lang.ClassLoader.defineClass0(Native Method)
      at java.lang.ClassLoader.defineClass(Compiled Code)
      at KlassLoader.testMethod(Compiled Code)
      at test.main(Compiled Code)
      Monitor Cache Dump:
      Registered Monitor Dump:
          PCMap lock: <unowned>
          utf8 hash table: <unowned>
          JNI pinning lock: <unowned>
          JNI global reference lock: <unowned>
          BinClass lock: <unowned>
          Class linking lock: <unowned>
          System class loader lock: <unowned>
          Code rewrite lock: <unowned>
          Heap lock: <unowned>
          Dynamic loading lock: <unowned>
          Monitor IO lock: <unowned>
          User signal monitor: <unowned>
      Waiting to be notified:
      "Signal dispatcher" (0x66168)
          Child death monitor: <unowned>
          I/O monitor: <unowned>
          Alarm monitor: <unowned>
      Waiting to be notified:
      Internal clock thread (ef7a0dd8)
          Thread queue lock: <unowned>
          Monitor registry: owner "main" (0x28590, 1 entry)
      Segmentation Fault - core dumped
      res=139
      novo48%

      ======================================================================

      ======================================================================
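
An added example (not part of the report and not JDK source): an overflow-safe range check on the off/len pair, applied in the subclass before defineClass and its native code are reached. The names CheckedDefine, rangeOk, CheckedLoader and defineChecked are hypothetical, and the test rows are constructed; the first row is the call from the report.

```java
import java.util.Arrays;

public class CheckedDefine {

    /** True only if the half-open range b[off .. off+len) lies inside b. */
    static boolean rangeOk(byte[] b, int off, int len) {
        // Reject negatives first, then compare len with the space left after off.
        // off + len is never computed, so the check cannot wrap around.
        return b != null && off >= 0 && len >= 0 && len <= b.length - off;
    }

    /** Hypothetical loader that refuses a bad range before any native code runs. */
    static class CheckedLoader extends ClassLoader {
        Class<?> defineChecked(String name, byte[] b, int off, int len) {
            if (!rangeOk(b, off, len)) {
                throw new IndexOutOfBoundsException("off=" + off + " len=" + len
                        + " length=" + (b == null ? -1 : b.length));
            }
            return defineClass(name, b, off, len);
        }
    }

    public static void main(String[] args) {
        byte[] empty = new byte[0];
        byte[] four = new byte[4];
        // Constructed inputs: {array, off, len, expected result of rangeOk}.
        Object[][] cases = {
            {empty, 0, -10000, false},            // the call from the report
            {four, 0, 4, true},                   // whole array
            {four, 4, 0, true},                   // empty range at the end
            {four, 2, 3, false},                  // runs past the end
            {four, -1, 2, false},                 // negative offset
            {four, Integer.MAX_VALUE, 1, false},  // off + len would overflow int
        };
        for (Object[] c : cases) {
            boolean got = rangeOk((byte[]) c[0], (Integer) c[1], (Integer) c[2]);
            if (got != (Boolean) c[3]) throw new AssertionError(Arrays.toString(c));
        }
        try {
            new CheckedLoader().defineChecked("", empty, 0, -10000);
            throw new AssertionError("expected rejection");
        } catch (IndexOutOfBoundsException e) {
            System.out.println("rejected before defineClass: " + e.getMessage());
        }
    }
}
```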

            sliangsunw Sheng Liang (Inactive)
            rfqsunw Rfq Rfq (Inactive)