Looking at https://github.com/openjdk/jdk/blob/master/src/hotspot/os/linux/os_linux.cpp#L675
there is
void *stackmem = alloca(((pid ^ counter++) & 7) * 128);
// Ensure the alloca result is used in a way that prevents the compiler from eliding it.
*(char *)stackmem = 1;
If the expression supplied to alloca is 0, then no additional space is allocated in the frame and the returned pointer points at whatever is at SP. If space was allocated by the alloca, then that is space that can be written on by the assignment through stackmem. If space was not allocated by alloca, then writing through stackmem writes on whatever is pointed to by SP, which is "Probably Not Good"(TM).
This issue won't happen often, given the math around pid and the counter, but it is possible. A fix might be to make sure that the math never returns 0.
Discovered by inspection. Creating a reproducible test case would be difficult.
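The size expression from the report, next to one way of keeping it non-zero, as an added example (not code from the JDK or from the reporter). The names `report_size`, `nonzero_size`, `count_zero` and `shift_stack` and the sample pid are assumptions made for illustration.

```c
#include <alloca.h>
#include <stdio.h>

/* Size expression quoted in the report (counter passed in, not incremented). */
static size_t report_size(int pid, int counter) {
    return (size_t)(((pid ^ counter) & 7) * 128);
}

/* Hypothetical variant: still 8 distinct offsets, shifted to 128..1024 bytes. */
static size_t nonzero_size(int pid, int counter) {
    return (size_t)((((pid ^ counter) & 7) + 1) * 128);
}

/* Count zero-byte requests over n consecutive counter values for one pid. */
static int count_zero(size_t (*f)(int, int), int pid, int n) {
    int zeros = 0;
    for (int c = 0; c < n; c++)
        if (f(pid, c) == 0)
            zeros++;
    return zeros;
}

/* Allocate and touch the block only when it has a size; returns bytes reserved.
 * With size == 0 the write is skipped, so nothing at SP is overwritten. */
static size_t shift_stack(size_t size) {
    if (size == 0)
        return 0;
    volatile char *stackmem = alloca(size);
    stackmem[0] = 1; /* keeps the compiler from eliding the alloca */
    return size;
}

int main(void) {
    int pid = 4242; /* constructed sample value */
    printf("zero-size requests in 64 threads (report expression): %d\n",
           count_zero(report_size, pid, 64));
    printf("zero-size requests in 64 threads (non-zero variant):  %d\n",
           count_zero(nonzero_size, pid, 64));
    printf("guarded call with size 0 reserves %zu bytes\n", shift_stack(0));
    return 0;
}
```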
Relates to: JDK-8263718 unused-result warning happens at os_linux.cpp (Resolved)