Type: Bug
Resolution: Fixed
Priority: P3
Affects Version/s: 11, 14, 15
Resolved In Build: b15
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8261214 | 13.0.7 | Ekaterina Vergizova | P3 | Resolved | Fixed | b02 |
JDK-8257244 | 11.0.10 | Tony Printezis | P3 | Resolved | Fixed | b05 |
I’ve been looking at a SEGV in EdgeUtils::field_name_symbol(Edge const&) that we have been seeing in our nightly testing. I can reproduce it with jdk/jfr/jcmd/TestJcmdDump.java using graal and parallel gc (cms also) on Linux with our 11 release, as well as OpenJDK 11u, 12, 13, and 14.
The culprit seems to be this method:
```cpp
static const InstanceKlass* field_type(const StoredEdge& edge) {
  assert(!edge.is_root() || !EdgeUtils::is_array_element(edge), "invariant");
  return (const InstanceKlass*)edge.reference_owner_klass();
}
```
In some cases edge.reference_owner_klass()->is_instance_klass() == false, as the class here seems to be an object array class (I’ve seen [Ljava.lang.Class; and [Ljava.lang.Enum;). Given this, casting edge.reference_owner_klass() unconditionally to InstanceKlass* seems incorrect.
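The unchecked downcast described above, modelled stand-alone as an added example (this is not HotSpot code; the toy Klass hierarchy, the StoredEdge layout and the klass and field names are assumptions chosen to mirror the report). It shows why the bug hides: the unconditional cast compiles and is correct for a genuine InstanceKlass, and only lies once an object array klass such as [Ljava.lang.Class; reaches it. The checked form tests the dynamic type before narrowing, returns a null the caller can act on, and routes array elements to an index instead of a field-table lookup.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Toy stand-in for the HotSpot klass hierarchy (assumption: the real
// Klass/InstanceKlass/ObjArrayKlass layouts and APIs are far richer; only the
// is_instance_klass() / is_objArray_klass() predicates are mirrored here).
struct Klass {
  explicit Klass(std::string n) : klass_name(std::move(n)) {}
  virtual ~Klass() = default;
  virtual bool is_instance_klass() const { return false; }
  virtual bool is_objArray_klass() const { return false; }
  const std::string& name() const { return klass_name; }
  std::string klass_name;
};

// Instance klass: owns a field table indexed by slot.
struct InstanceKlass : Klass {
  InstanceKlass(std::string n, std::vector<std::string> f)
      : Klass(std::move(n)), field_names(std::move(f)) {}
  bool is_instance_klass() const override { return true; }
  std::vector<std::string> field_names;
};

// Object array klass such as [Ljava.lang.Class; has no field table at all.
struct ObjArrayKlass : Klass {
  explicit ObjArrayKlass(std::string n) : Klass(std::move(n)) {}
  bool is_objArray_klass() const override { return true; }
};

// Minimal edge: the klass of the referring object plus its field slot or array index.
struct StoredEdge {
  const Klass* owner;
  std::size_t slot;
  const Klass* reference_owner_klass() const { return owner; }
};

bool is_array_element(const StoredEdge& edge) {
  return edge.reference_owner_klass()->is_objArray_klass();
}

// The pattern quoted in the report: an unconditional downcast. It compiles, and
// for a genuine InstanceKlass it is correct, which is why the bug only shows up
// once an array klass reaches it. Dereferencing the result for an ObjArrayKlass
// is undefined behaviour; the reported SEGV is one way that manifests.
const InstanceKlass* field_type_unchecked(const StoredEdge& edge) {
  return (const InstanceKlass*)edge.reference_owner_klass();
}

// Hardened form: check the dynamic type before narrowing and hand the caller a
// null it can act on instead of a mistyped pointer.
const InstanceKlass* field_type_checked(const StoredEdge& edge) {
  const Klass* k = edge.reference_owner_klass();
  if (k == nullptr || !k->is_instance_klass()) return nullptr;
  return static_cast<const InstanceKlass*>(k);
}

// Name for the referring slot: an index for array elements, a field name for
// instance fields, and a marked placeholder rather than a crash for anything else.
std::string field_name_symbol(const StoredEdge& edge) {
  if (is_array_element(edge)) return "[" + std::to_string(edge.slot) + "]";
  const InstanceKlass* ik = field_type_checked(edge);
  if (ik == nullptr) return "<no field table for " + edge.reference_owner_klass()->name() + ">";
  if (edge.slot >= ik->field_names.size()) return "<bad field slot>";
  return ik->field_names[edge.slot];
}
```

With a constructed instance klass and a constructed object array klass as edge owners, field_type_unchecked and field_type_checked agree on the instance edge, while on the array edge only the checked version refuses the cast and field_name_symbol falls back to the element index.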
- backported by
  - JDK-8257244 SEGV in EdgeUtils::field_name_symbol(Edge const&) (Resolved)
  - JDK-8261214 SEGV in EdgeUtils::field_name_symbol(Edge const&) (Resolved)