JDK-6342951

Implicit null checks on large objects cause JVM crash


    • Type: Bug
    • Resolution: Fixed
    • Priority: P3
    • Affects Version/s: 6
    • Fix Version/s: 6
    • Component/s: hotspot
    • Resolved In Build: b62
    • CPU: x86
    • OS: generic

The attached test case shows a bug in null check handling in HotSpot. The original problem was reported by the LWJGL team in the following two threads:

http://lwjgl.org/forum/viewtopic.php?t=1287
http://www.javagaming.org/forums/index.php?topic=11255.0

The test case, which should throw a NullPointerException, crashes the JVM on Solaris/x86 as far back as 1.4.0 and on Windows as far back as 1.5.0. It does not seem to reproduce on SPARC platforms with this test case, although a crash could probably be provoked there with a larger object. The problem is that HotSpot generates implicit null checks for a field dereference in a large object even when the field offset is larger than the page size. HotSpot's signal handler only treats faults on the zero page as implicit null checks, so a fault at null plus such an offset is not recognised as a null dereference. Changes in the explicit null check mechanism on various platforms (specifically, removal of explicit null check support in some places) have opened up this possibility of a crash. The interpreter and both compilers appear to be vulnerable to this problem.

Assignee: Coleen Phillimore (coleenp)
Reporter: Kenneth Russell (kbr, inactive)
Votes: 0
Watchers: 4
