JDK-8358289

[asan] runtime/cds/appcds/aotCode/AOTCodeFlags.java reports heap-buffer-overflow in ArchiveBuilder


    • Type: Bug
    • Resolution: Fixed
    • Priority: P3
    • Affects Version/s: 25
    • Fix Version/s: 25
    • Component/s: hotspot
    • Resolved In Build: b26
    • CPU: x86_64
    • OS: linux

      When using ASan-enabled binaries on Linux x86_64, the following issue is reported when running test AOTCodeFlags.java:


       stderr: [=================================================================
      ==12605==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000026f4 at pc 0x1527a33c1f96 bp 0x152699bf4ce0 sp 0x152699bf44a0
      READ of size 8 at 0x5020000026f4 thread T14 (VM Thread)
          #0 0x1527a33c1f95 in memcpy (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x15279c5d8f9b in ArchiveBuilder::make_shallow_copy(DumpRegion*, ArchiveBuilder::SourceObjInfo*) src/hotspot/share/cds/archiveBuilder.cpp:694
          #2 0x15279c5da109 in ArchiveBuilder::make_shallow_copies(DumpRegion*, ArchiveBuilder::SourceObjList const*) src/hotspot/share/cds/archiveBuilder.cpp:656
          #3 0x15279c5da109 in ArchiveBuilder::dump_rw_metadata() src/hotspot/share/cds/archiveBuilder.cpp:623
          #4 0x15279e9c1f19 in VM_PopulateDumpSharedSpace::doit() src/hotspot/share/cds/metaspaceShared.cpp:663
          #5 0x15279f932bdc in VM_Operation::evaluate() src/hotspot/share/runtime/vmOperations.cpp:74
          #6 0x15279f93ebea in VMThread::evaluate_operation(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:282
          #7 0x15279f9412a2 in VMThread::inner_execute(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:426
          #8 0x15279f941976 in VMThread::loop() src/hotspot/share/runtime/vmThread.cpp:492
          #9 0x15279f941976 in VMThread::run() src/hotspot/share/runtime/vmThread.cpp:176
          #10 0x15279f726a6f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
          #11 0x15279ebdcf22 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:868
          #12 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #13 0x1527a307e6e9 in start_thread (/lib64/libpthread.so.0+0xa6e9) (BuildId: 938e42b7e407d175ee3ef9a89c038168101d330c)
          #14 0x1527a31c158e in clone (/lib64/libc.so.6+0x11858e) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)

      0x5020000026f4 is located 0 bytes after 4-byte region [0x5020000026f0,0x5020000026f4)
      allocated by thread T1 here:
          #0 0x1527a33c42b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x15279ebc21a7 in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
          #2 0x15279ebc21a7 in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:659
          #3 0x15279c5835eb in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:40
          #4 0x15279c5835eb in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:50
          #5 0x15279ef0d93b in AdapterFingerPrint::operator new(unsigned long, unsigned long) src/hotspot/share/runtime/sharedRuntime.cpp:2269
          #6 0x15279ef0d93b in AdapterFingerPrint::allocate(int, BasicType*) src/hotspot/share/runtime/sharedRuntime.cpp:2293
          #7 0x15279ef0d93b in AdapterHandlerLibrary::create_adapter(AdapterBlob*&, int, BasicType*, bool) src/hotspot/share/runtime/sharedRuntime.cpp:2868
          #8 0x15279ef118fd in AdapterHandlerLibrary::initialize() src/hotspot/share/runtime/sharedRuntime.cpp:2584
          #9 0x15279db318f6 in init_globals() src/hotspot/share/runtime/init.cpp:162
          #10 0x15279f758896 in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:592
          #11 0x15279ded5728 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3587
          #12 0x15279ded5728 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3678
          #13 0x1527a32ac633 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
          #14 0x1527a32ac633 in JavaMain src/java.base/share/native/libjli/java.c:494
          #15 0x1527a32b4e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
          #16 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)

      Thread T14 (VM Thread) created by T1 here:
          #0 0x1527a33bc191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x15279ebe0180 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
          #2 0x15279f758a3f in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:645
          #3 0x15279ded5728 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3587
          #4 0x15279ded5728 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3678
          #5 0x1527a32ac633 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
          #6 0x1527a32ac633 in JavaMain src/java.base/share/native/libjli/java.c:494
          #7 0x1527a32b4e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
          #8 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)

      Thread T1 created by T0 here:
          #0 0x1527a33bc191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x1527a32b67a8 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
          #2 0x1527a32b2400 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
          #3 0x1527a32b3d5d in JLI_Launch src/java.base/share/native/libjli/java.c:330
          #4 0x558bf57570fc in main src/java.base/share/native/launcher/main.c:150
          #5 0x1527a30de24c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)

      SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f) in memcpy
      Shadow bytes around the buggy address:
        0x502000002400: fa fa 00 04 fa fa 00 05 fa fa 00 05 fa fa 00 00
        0x502000002480: fa fa 01 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
        0x502000002500: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
        0x502000002580: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
        0x502000002600: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
      =>0x502000002680: fa fa 00 fa fa fa 00 00 fa fa 04 fa fa fa[04]fa
        0x502000002700: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 fa
        0x502000002780: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 fa
        0x502000002800: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa 00 00
        0x502000002880: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
        0x502000002900: fa fa fd fd fa fa 00 04 fa fa 00 00 fa fa 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable: 00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone: fa
        Freed heap region: fd
        Stack left redzone: f1
        Stack mid redzone: f2
        Stack right redzone: f3
        Stack after return: f5
        Stack use after scope: f8
        Global redzone: f9
        Global init order: f6
        Poisoned by user: f7
        Container overflow: fc
        Array cookie: ac
        Intra object redzone: bb
        ASan internal: fe
        Left alloca redzone: ca
        Right alloca redzone: cb
      ==12605==ABORTING
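What the report pins down: memcpy in ArchiveBuilder::make_shallow_copy reads 8 bytes starting at the beginning of a region that malloc handed out as exactly 4 bytes (the AdapterFingerPrint allocated in AdapterHandlerLibrary::initialize), so the last 4 bytes of the read fall in the heap redzone. The shadow byte marked [04] says the same thing: of that 8-byte granule only 4 bytes are addressable. The general shape is an object allocated at its exact size but copied with a length rounded up to whole machine words; the page does not show which side HotSpot changed to fix it. The C program below is an added illustration of that pattern and of the bounds check that rejects it; it is not HotSpot code, and every name in it (blob_t, align_up, shallow_copy_checked, the file name overread.c) is invented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not HotSpot code. Models the report above: a heap
 * object allocated at its exact size (4 bytes) and copied with a length
 * rounded up to whole 8-byte words, so memcpy reads 4 bytes past the end.
 * All names here are hypothetical. */

#define WORD_BYTES 8u

/* Round n up to a multiple of WORD_BYTES (4 -> 8, 8 -> 8, 9 -> 16). */
static size_t align_up(size_t n) {
    return (n + WORD_BYTES - 1) & ~(size_t)(WORD_BYTES - 1);
}

/* Bytes a word-granular copy reads past an allocation of alloc_len bytes:
 * 4 for the 4-byte region in the ASan report. */
static size_t overread_bytes(size_t alloc_len) {
    return align_up(alloc_len) - alloc_len;
}

/* Heap object that carries its allocated length, so a copy can be checked
 * against what malloc actually handed out. */
typedef struct {
    size_t   len;
    uint8_t *data;
} blob_t;

static int blob_alloc(blob_t *b, size_t len) {
    b->data = malloc(len);          /* exact size, like the 4-byte region */
    b->len  = b->data ? len : 0;
    return b->data ? 0 : -1;
}

static void blob_free(blob_t *b) { free(b->data); b->data = NULL; b->len = 0; }

/* BUGGY shallow copy: copy length rounded up to words, source length
 * ignored. With src->len == 4 this is the 8-byte memcpy ASan flagged.
 * Kept only so the reader can watch ASan catch it (see main). */
static void shallow_copy_unchecked(blob_t *dst, const blob_t *src) {
    memcpy(dst->data, src->data, align_up(src->len));
}

/* CHECKED shallow copy: refuse any copy that would read past the source
 * or write past the destination. Returns 0 on success, -1 if rejected. */
static int shallow_copy_checked(blob_t *dst, const blob_t *src, size_t copy_len) {
    if (copy_len > src->len || copy_len > dst->len)
        return -1;                  /* would be a heap-buffer-overflow */
    memcpy(dst->data, src->data, copy_len);
    return 0;
}

/* Returns 1 when the checked copy rejects the word-rounded copy of a 4-byte
 * object, accepts the exact-length copy, and accepts the word-rounded copy
 * once the source allocation is itself padded to a word; 0 otherwise. */
static int demo_word_rounding(void) {
    blob_t src4 = {0, NULL}, src8 = {0, NULL}, dst = {0, NULL};
    int ok = 0;
    if (blob_alloc(&src4, 4) == 0 && blob_alloc(&src8, align_up(4)) == 0 &&
        blob_alloc(&dst, 8) == 0) {
        memset(src4.data, 0xAB, src4.len);
        memset(src8.data, 0xCD, src8.len);
        ok = 1;
        ok &= (shallow_copy_checked(&dst, &src4, align_up(src4.len)) == -1); /* 8 > 4 */
        ok &= (shallow_copy_checked(&dst, &src4, src4.len) == 0);            /* 4 <= 4 */
        ok &= (shallow_copy_checked(&dst, &src8, align_up(4)) == 0);         /* 8 <= 8 */
        ok &= (memcmp(dst.data, src8.data, src8.len) == 0);
    }
    blob_free(&src4); blob_free(&src8); blob_free(&dst);
    return ok;
}

int main(void) {
    printf("checked copy behaves as expected: %d\n", demo_word_rounding());
    printf("word-rounded copy of a 4-byte object over-reads %zu bytes\n",
           overread_bytes(4));

    /* Deliberately trigger the bug. Build with (file name hypothetical):
     *   gcc -g -fsanitize=address overread.c -o overread && ./overread
     * and ASan reports "READ of size 8 ... 0 bytes after 4-byte region". */
    blob_t src = {0, NULL}, dst = {0, NULL};
    if (blob_alloc(&src, 4) == 0 && blob_alloc(&dst, 8) == 0)
        shallow_copy_unchecked(&dst, &src);
    blob_free(&src); blob_free(&dst);
    return 0;
}
```

Without -fsanitize=address the unchecked copy in main silently succeeds, since the 4 bytes past the allocation still lie inside malloc's minimum chunk; that is exactly why the defect only surfaced in the ASan build. Either remedy restores the invariant the checked copy enforces: allocate the object padded to the copy granularity, or copy only the bytes that were allocated.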

            Assignee: Vladimir Kozlov (kvn)
            Reporter: Matthias Baesken (mbaesken)
            Votes: 0
            Watchers: 6
