-
Bug
-
Resolution: Fixed
-
P2
-
18, repo-panama
-
b26
-
Verified
In the case of a deopt due to an uncommon trap, the uncommon trap blob ad-hoc extends the frame of caller of the deoptee so that it has enough space for local variables after converting it to an interpreter frame.
For compiled callers this means we also need to make room for the arguments, which would normally be done by a c2i adapter.
However, the current deopt code only checks if the caller is a compiled frame with frame::is_compiled_frame, and therefore doesn't extend the stack for arguments if the caller is an optimized entry blob, which also does a compiled call. This can lead to memory corruption because some of the locals of the youngest reconstituted interpreter frame overwrite parts of the optimized entry frame.
For compiled callers this means we also need to make room for the arguments, which would normally be done by a c2i adapter.
However, the current deopt code only checks if the caller is a compiled frame with frame::is_compiled_frame, and therefore doesn't extend the stack for arguments if the caller is an optimized entry blob, which also does a compiled call. This can lead to memory corruption because some of the locals of the youngest reconstituted interpreter frame overwrite parts of the optimized entry frame.
- relates to
-
-
- Resolved
-
