- Type: Bug
- Resolution: Fixed
- Priority: P3
- Affects Version/s: 11, 17, 21
- Component/s: hotspot
b11
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8307027 | 20u-cpu | Tobias Hartmann | P3 | Resolved | Fixed | master |
| JDK-8305548 | 20.0.2 | Tobias Hartmann | P3 | Resolved | Fixed | b03 |
| JDK-8305131 | 17.0.8-oracle | Tobias Hartmann | P3 | Resolved | Fixed | b01 |
| JDK-8306979 | 17.0.8 | Goetz Lindenmaier | P3 | Resolved | Fixed | b01 |

GraphKit::clone_map duplicates the SafePointNode and additionally calls record_for_igvn. In some cases the cloned map is not used and Node::destruct is called on it. As a result, the destructed SafePointNode, whose memory was freed and may have been reused, is still present in the Unique_Node_List returned by for_igvn().

To resolve this, we need a corresponding function in GraphKit which undoes the work of clone_map(), including removing the node from the Unique_Node_List.
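
The lifecycle described above, reduced to a toy C++ model (an added example, not HotSpot code). `Kit`, `undo_clone_map` and `stale_entries` are hypothetical names, and nodes are indices into a vector so the stale worklist entry can be observed without touching freed memory.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Toy model only: names echo the report, bodies are assumptions, not HotSpot code.
struct Node { bool live; };

struct Kit {
    std::vector<Node> arena;        // node storage, addressed by index
    std::vector<std::size_t> igvn;  // stands in for Unique_Node_List from for_igvn()

    // Like the clone_map() in the report: create the node AND record it for IGVN.
    std::size_t clone_map() {
        arena.push_back(Node{true});
        std::size_t idx = arena.size() - 1;
        igvn.push_back(idx);        // the record_for_igvn side effect
        return idx;
    }

    // Like Node::destruct: releases the node but knows nothing about the worklist.
    void destruct(std::size_t idx) { arena[idx].live = false; }

    // Hypothetical inverse of clone_map(): drop the worklist entry, then release.
    void undo_clone_map(std::size_t idx) {
        igvn.erase(std::remove(igvn.begin(), igvn.end(), idx), igvn.end());
        destruct(idx);
    }

    // Worklist entries that refer to released nodes; each is a latent use-after-free.
    std::size_t stale_entries() const {
        return static_cast<std::size_t>(std::count_if(igvn.begin(), igvn.end(),
            [this](std::size_t i) { return !arena[i].live; }));
    }
};

std::size_t stale_after_destruct_only() {
    Kit kit;
    std::size_t unused = kit.clone_map();  // speculative clone that ends up unused
    kit.destruct(unused);                  // worklist still holds the index
    return kit.stale_entries();
}

std::size_t stale_after_undo() {
    Kit kit;
    std::size_t unused = kit.clone_map();
    kit.undo_clone_map(unused);            // both side effects of clone_map reversed
    return kit.stale_entries();
}

int main() { return (stale_after_destruct_only() == 1 && stale_after_undo() == 0) ? 0 : 1; }
```
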

backported by:

- JDK-8305131 use-after-free related to GraphKit::clone_map (Resolved)
- JDK-8305548 use-after-free related to GraphKit::clone_map (Resolved)
- JDK-8306979 use-after-free related to GraphKit::clone_map (Resolved)
- JDK-8307027 use-after-free related to GraphKit::clone_map (Resolved)

relates to:

- JDK-8298984 Suspicious logic in C2 (Open)
- JDK-8270028 applications/ctw/modules/java_xml.java failed with SIGSEGV in medium_free_list_remove_ptr_no_clear (Closed)

links to:

- Commit: openjdk/jdk17u-dev/da740fa6
- Commit: openjdk/jdk20u/ac960540
- Commit: openjdk/jdk/3cc459b6
- Review: openjdk/jdk17u-dev/1288
- Review: openjdk/jdk20u/27
- Review: openjdk/jdk/12578