When using asan-enabled binaries on Linux x86_64, the following issue is reported when running the test AOTCodeFlags.java:
stderr: [=================================================================
==12605==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000026f4 at pc 0x1527a33c1f96 bp 0x152699bf4ce0 sp 0x152699bf44a0
READ of size 8 at 0x5020000026f4 thread T14 (VM Thread)
#0 0x1527a33c1f95 in memcpy (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x15279c5d8f9b in ArchiveBuilder::make_shallow_copy(DumpRegion*, ArchiveBuilder::SourceObjInfo*) src/hotspot/share/cds/archiveBuilder.cpp:694
#2 0x15279c5da109 in ArchiveBuilder::make_shallow_copies(DumpRegion*, ArchiveBuilder::SourceObjList const*) src/hotspot/share/cds/archiveBuilder.cpp:656
#3 0x15279c5da109 in ArchiveBuilder::dump_rw_metadata() src/hotspot/share/cds/archiveBuilder.cpp:623
#4 0x15279e9c1f19 in VM_PopulateDumpSharedSpace::doit() src/hotspot/share/cds/metaspaceShared.cpp:663
#5 0x15279f932bdc in VM_Operation::evaluate() src/hotspot/share/runtime/vmOperations.cpp:74
#6 0x15279f93ebea in VMThread::evaluate_operation(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:282
#7 0x15279f9412a2 in VMThread::inner_execute(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:426
#8 0x15279f941976 in VMThread::loop() src/hotspot/share/runtime/vmThread.cpp:492
#9 0x15279f941976 in VMThread::run() src/hotspot/share/runtime/vmThread.cpp:176
#10 0x15279f726a6f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#11 0x15279ebdcf22 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:868
#12 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#13 0x1527a307e6e9 in start_thread (/lib64/libpthread.so.0+0xa6e9) (BuildId: 938e42b7e407d175ee3ef9a89c038168101d330c)
#14 0x1527a31c158e in clone (/lib64/libc.so.6+0x11858e) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)
0x5020000026f4 is located 0 bytes after 4-byte region [0x5020000026f0,0x5020000026f4)
allocated by thread T1 here:
#0 0x1527a33c42b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x15279ebc21a7 in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
#2 0x15279ebc21a7 in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:659
#3 0x15279c5835eb in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:40
#4 0x15279c5835eb in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:50
#5 0x15279ef0d93b in AdapterFingerPrint::operator new(unsigned long, unsigned long) src/hotspot/share/runtime/sharedRuntime.cpp:2269
#6 0x15279ef0d93b in AdapterFingerPrint::allocate(int, BasicType*) src/hotspot/share/runtime/sharedRuntime.cpp:2293
#7 0x15279ef0d93b in AdapterHandlerLibrary::create_adapter(AdapterBlob*&, int, BasicType*, bool) src/hotspot/share/runtime/sharedRuntime.cpp:2868
#8 0x15279ef118fd in AdapterHandlerLibrary::initialize() src/hotspot/share/runtime/sharedRuntime.cpp:2584
#9 0x15279db318f6 in init_globals() src/hotspot/share/runtime/init.cpp:162
#10 0x15279f758896 in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:592
#11 0x15279ded5728 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3587
#12 0x15279ded5728 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3678
#13 0x1527a32ac633 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#14 0x1527a32ac633 in JavaMain src/java.base/share/native/libjli/java.c:494
#15 0x1527a32b4e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#16 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T14 (VM Thread) created by T1 here:
#0 0x1527a33bc191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x15279ebe0180 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
#2 0x15279f758a3f in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:645
#3 0x15279ded5728 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3587
#4 0x15279ded5728 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3678
#5 0x1527a32ac633 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#6 0x1527a32ac633 in JavaMain src/java.base/share/native/libjli/java.c:494
#7 0x1527a32b4e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#8 0x1527a332bff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T1 created by T0 here:
#0 0x1527a33bc191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x1527a32b67a8 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x1527a32b2400 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x1527a32b3d5d in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x558bf57570fc in main src/java.base/share/native/launcher/main.c:150
#5 0x1527a30de24c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f) in memcpy
Shadow bytes around the buggy address:
0x502000002400: fa fa 00 04 fa fa 00 05 fa fa 00 05 fa fa 00 00
0x502000002480: fa fa 01 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x502000002500: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x502000002580: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x502000002600: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
=>0x502000002680: fa fa 00 fa fa fa 00 00 fa fa 04 fa fa fa[04]fa
0x502000002700: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 fa
0x502000002780: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 fa
0x502000002800: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa 00 00
0x502000002880: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
0x502000002900: fa fa fd fd fa fa 00 04 fa fa 00 00 fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==12605==ABORTING
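To make the shadow-byte block above easier to read, here is an added Python decoder (example code, not part of the bug report or of the JDK) that parses the access line, the region line and the marked shadow row from the report and maps the faulting address onto its 8-byte shadow granule. The sample lines are copied from the report above; the legend covers only the shadow values that appear on this page.

```python
import re

# Lines taken from the ASan report above (only the ones the decoder needs).
SAMPLE = """\
READ of size 8 at 0x5020000026f4 thread T14 (VM Thread)
0x5020000026f4 is located 0 bytes after 4-byte region [0x5020000026f0,0x5020000026f4)
=>0x502000002680: fa fa 00 fa fa fa 00 00 fa fa 04 fa fa fa[04]fa
"""

GRANULE = 8  # one shadow byte describes 8 application bytes
LEGEND = {0xfa: "heap left redzone", 0xfd: "freed heap region"}

def decode_shadow(b):
    """Return (addressable bytes in the granule, description) for one shadow byte."""
    if b == 0x00:
        return GRANULE, "addressable"
    if 1 <= b <= 7:
        return b, f"partially addressable ({b} of {GRANULE} bytes)"
    return 0, LEGEND.get(b, "poisoned (other)")

def parse_report(text):
    """Pull the access, the allocated region and the '=>' shadow row out of an ASan report."""
    acc = re.search(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", text)
    reg = re.search(r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", text)
    row = re.search(r"=>(0x[0-9a-f]+):(.*)", text)  # row label is an application address
    return {
        "kind": acc.group(1),
        "size": int(acc.group(2)),
        "addr": int(acc.group(3), 16),
        "region": (int(reg.group(1), 16), int(reg.group(2), 16)),
        "row_base": int(row.group(1), 16),
        "shadow": [int(t, 16) for t in re.findall(r"[0-9a-f]{2}", row.group(2))],
    }

def analyze(rep):
    """Locate the granule of the faulting address and check it against the region bounds."""
    idx = (rep["addr"] - rep["row_base"]) // GRANULE
    granule = rep["row_base"] + idx * GRANULE
    ok, what = decode_shadow(rep["shadow"][idx])
    return {
        "granule": granule,
        "shadow_byte": rep["shadow"][idx],
        "addressable": ok,
        "first_poisoned": granule + ok,                     # first byte ASan rejects here
        "past_region_end": rep["addr"] - rep["region"][1],  # 0 matches "0 bytes after"
        "consistent": granule + ok == rep["addr"] == rep["region"][1],
        "description": what,
    }

if __name__ == "__main__":
    rep = parse_report(SAMPLE)
    res = analyze(rep)
    print(f"{rep['kind']} of {rep['size']} bytes: granule {res['granule']:#x}, "
          f"shadow {res['shadow_byte']:02x} = {res['description']}, "
          f"first poisoned byte {res['first_poisoned']:#x}")
```

For this report the marked shadow byte 04 says only the first 4 of the granule's 8 bytes (0x5020000026f0..f3) are valid, so the first poisoned byte is exactly the end of the 4-byte AdapterFingerPrint allocation, which is what the 8-byte memcpy in make_shallow_copy touched.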
- relates to: JDK-8358597 [asan] runtime/cds/appcds/CommandLineFlagCombo.java reports heap-buffer-overflow in ArchiveBuilder (Open)
- links to: Commit(master) openjdk/jdk/ebd85288
- links to: Review(master) openjdk/jdk/25604