Details
- Bug
- Resolution: Fixed
- P4
- 11.0.3, 12, 13
- b04
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8219258 | 12.0.2 | Yasumasa Suenaga | P4 | Resolved | Fixed | b01 |
JDK-8235282 | 11.0.7-oracle | Yasumasa Suenaga | P4 | Resolved | Fixed | b01 |
JDK-8217242 | 11.0.3 | Yasumasa Suenaga | P4 | Resolved | Fixed | master |
JDK-8240401 | openjdk8u262 | Yasumasa Suenaga | P4 | Resolved | Fixed | team |
Description
https://mail.openjdk.java.net/pipermail/hotspot-jfr-dev/2018-May/000047.html
I tried JFR: `java -XX:StartFlightRecording=dumponexit=true,filename=test.jfr --version` with fastdebug VM, but it crashed.
I uploaded hs_err log here:
http://cr.openjdk.java.net/~ysuenaga/jfr-integer-overflow/hs_err_pid46934.log
I encountered this crash on Fedora 28 x64. VM was built with GCC 8.1.
I checked the core image, and I found a possibility of integer overflow in JfrThreadSampler::run().
I paste GDB frame info:
```
(gdb) f 24
#24 0x00007f657a5937b7 in os::naked_short_sleep (ms=9223372036854775807)
at /home/ysuenaga/OpenJDK/jdk/src/hotspot/os/linux/os_linux.cpp:4076
4076 assert(ms < 1000, "Un-interruptable sleep, short time use only");
(gdb) p/x ms
$1 = 0x7fffffffffffffff
```
Frame #24 is an assertion which caused this crash.
`ms` is max_jlong.
JfrThreadSampler::run() calculates `next_j` and `next_n` to calculate sleep time, but it might overflow.
So I think it can be fixed as below:
http://cr.openjdk.java.net/~ysuenaga/jfr-integer-overflow/webrev/
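The class of overflow described in the report, as an added C++ example (not HotSpot code and not the patch from the webrev). It assumes a disabled sampling period is represented by max_jlong, that a deadline is computed as last sample time plus interval, and that timestamps and intervals are non-negative; all function names are hypothetical.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumed model, not HotSpot source: a disabled sampler has an interval equal
// to the largest signed 64-bit value (max_jlong in the report).
constexpr int64_t kMaxJlong = std::numeric_limits<int64_t>::max();
constexpr int64_t kShortSleepLimitMs = 1000;  // bound taken from the assert in the GDB frame

// Naive deadline: last + interval. Done in unsigned arithmetic so the wraparound
// is observable on common two's-complement targets; the same addition on
// int64_t directly is undefined behaviour.
int64_t naive_deadline(int64_t last_ms, int64_t interval_ms) {
  return static_cast<int64_t>(static_cast<uint64_t>(last_ms) +
                              static_cast<uint64_t>(interval_ms));
}

// Checked deadline: saturate at kMaxJlong instead of wrapping (interval_ms >= 0).
int64_t saturating_deadline(int64_t last_ms, int64_t interval_ms) {
  if (interval_ms > 0 && last_ms > kMaxJlong - interval_ms) return kMaxJlong;
  return last_ms + interval_ms;
}

// Sleep time until the earlier deadline, clamped to [0, 999] so the result
// always satisfies an "ms < 1000" precondition (now_ms >= 0).
int64_t bounded_sleep_ms(int64_t now_ms, int64_t next_a, int64_t next_b) {
  int64_t next = std::min(next_a, next_b);
  if (next <= now_ms) return 0;
  return std::min(next - now_ms, kShortSleepLimitMs - 1);
}

int main() {
  // Constructed values: last sample at t=1000 ms, current time t=1005 ms.
  std::printf("naive:      %lld\n",
              static_cast<long long>(naive_deadline(1000, kMaxJlong)));
  std::printf("saturating: %lld\n",
              static_cast<long long>(saturating_deadline(1000, kMaxJlong)));
  std::printf("sleep:      %lld\n",
              static_cast<long long>(bounded_sleep_ms(1005, kMaxJlong, kMaxJlong)));
  return 0;
}
```

With the naive addition a disabled sampler's deadline wraps to a negative value and looks overdue; the saturating form keeps it at the sentinel.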
Issue Links
- backported by
  - JDK-8217242 Possibility of integer overflow in JfrThreadSampler::run() (Resolved)
  - JDK-8219258 Possibility of integer overflow in JfrThreadSampler::run() (Resolved)
  - JDK-8235282 Possibility of integer overflow in JfrThreadSampler::run() (Resolved)
  - JDK-8240401 Possibility of integer overflow in JfrThreadSampler::run() (Resolved)
  - JDK-8243906 Possibility of integer overflow in JfrThreadSampler::run() (Resolved)