JDK-8269859

BacktraceBuilder._cprefs needs to be accessed as unsigned short


Details

    • b04

    Description

      This is similar to the issue fixed (and hopefully backported to 8) with JDK-8194246. That one fixed the "methods" array, which is declared as "short[]" and handles "u2" elements, but was mistakenly accessed as "short", not "ushort".

      There is similar trouble with the "cprefs" array, which is declared as "short[]", handles "u2" elements, and yet again is accessed as "short". Note that JDK-8140685 rewired this to short T_LONG/T_INT as the Symbol* address.

      This means we have a problem in 8u, but not anywhere else.

      This is fairly easy to reproduce on the test case from JDK-8194246, if we simulate redefinition by doing this:

         // The method can be NULL if the requested class version is gone
      - Symbol* sym = (method != NULL) ? method->name() : holder->constants()->symbol_at(cpref);
      + Symbol* sym = holder->constants()->symbol_at(cpref);
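
      Review bot: the added line drops the `method != NULL` check, so every frame now resolves its name through `symbol_at(cpref)`; that is useful for simulating redefinition locally but should stay out of any committed change. The correction belongs where `cpref` is read out of the "short[]" array: that read should go through an unsigned 16-bit (u2) value before it reaches `symbol_at`, as JDK-8194246 did for "methods".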

      Then the same out-of-bounds assert fires, now on the cpref-taking path.
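
The signed-versus-unsigned read described above, as an added C++ example that is not HotSpot code: `ToyConstantPool`, `make_pool`, `store_cpref` and the two read helpers are hypothetical names, and the pool contents are constructed. It shows why only indexes of 0x8000 and above, which need a pool with more than 32767 entries, trip the bounds check.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

using jshort = int16_t;  // signed 16-bit, like the elements of a Java short[]

// Hypothetical stand-in for a constant pool with a bounds-checked lookup.
struct ToyConstantPool {
    std::vector<const char*> symbols;
    // Returns nullptr where a debug VM would fire its out-of-bounds assert.
    const char* symbol_at(int index) const {
        if (index < 0 || index >= static_cast<int>(symbols.size())) return nullptr;
        return symbols[index];
    }
};

// Constructed pool: 50000 entries, so some indexes need the top bit of a u2.
ToyConstantPool make_pool() {
    ToyConstantPool cp;
    cp.symbols.assign(50000, "filler");
    cp.symbols[40000] = "run";
    return cp;
}

// Storing a u2 in a short keeps the 16-bit pattern (40000 == 0x9C40).
void store_cpref(std::vector<jshort>& cprefs, size_t slot, uint16_t cpref) {
    cprefs[slot] = static_cast<jshort>(cpref);
}

// Signed read: the element is sign-extended, so 0x9C40 becomes -25536.
int read_cpref_signed(const std::vector<jshort>& cprefs, size_t slot) {
    return cprefs[slot];
}

// Unsigned read: reinterpret the 16 bits as u2 before widening to int.
int read_cpref_unsigned(const std::vector<jshort>& cprefs, size_t slot) {
    return static_cast<uint16_t>(cprefs[slot]);
}

int main() {
    ToyConstantPool cp = make_pool();
    std::vector<jshort> cprefs(1);
    store_cpref(cprefs, 0, 40000);
    int bad = read_cpref_signed(cprefs, 0), good = read_cpref_unsigned(cprefs, 0);
    const char* s = cp.symbol_at(bad);
    std::printf("signed   %6d -> %s\n", bad, s ? s : "(out of bounds)");
    std::printf("unsigned %6d -> %s\n", good, cp.symbol_at(good));
    return 0;
}
```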

            People

              shade Aleksey Shipilev