- Bug
- Resolution: Fixed
- P4
- 26
- b10
- x86_64, aarch64
- linux
When running HS tier1 jtreg tests with ASAN-enabled binaries, the test runtime/jni/checked/TestCharArrayReleasing.java fails with the output below:
stdout: [Testing release function ReleaseCharArrayElements with array from malloc
];
stderr: [=================================================================
==37362==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000045cc0 at pc 0x7fa0dcd25820 bp 0x7fa0da7cec50 sp 0x7fa0da7cec48
READ of size 8 at 0x503000045cc0 thread T1
#0 0x7fa0dcd2581f in GuardedMemory::GuardHeader::get_tag() const src/hotspot/share/memory/guardedMemory.hpp:152
#1 0x7fa0dcd2581f in GuardedMemory::get_tag() const src/hotspot/share/memory/guardedMemory.hpp:245
#2 0x7fa0dcd2581f in check_wrapped_array src/hotspot/share/prims/jniCheck.cpp:385
#3 0x7fa0dcd25a76 in check_wrapped_array_release src/hotspot/share/prims/jniCheck.cpp:430
#4 0x7fa0dcd27b02 in checked_jni_ReleaseCharArrayElements src/hotspot/share/prims/jniCheck.cpp:1743
#5 0x7fa0e1271620 in Java_TestCharArrayReleasing_testIt test/hotspot/jtreg/runtime/jni/checked/libCharArrayReleasing.c:110
#6 0x7fa0c8d974a4 (<unknown module>)
0x503000045cc0 is located 16 bytes before 20-byte region [0x503000045cd0,0x503000045ce4)
allocated by thread T1 here:
#0 0x7fa0e23722b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa0e1271579 in Java_TestCharArrayReleasing_testIt test/hotspot/jtreg/runtime/jni/checked/libCharArrayReleasing.c:85
#2 0x7fa0c8d974a4 (<unknown module>)
#3 0x7fa0c8d92847 (<unknown module>)
#4 0x7fa0c8d8b6a8 (<unknown module>)
#5 0x7fa0dc99f379 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#6 0x7fa0dcca0894 in jni_invoke_static src/hotspot/share/prims/jni.cpp:883
#7 0x7fa0dccaa6d9 in jni_CallStaticVoidMethodV src/hotspot/share/prims/jni.cpp:1723
#8 0x7fa0dcce66c5 in checked_jni_CallStaticVoidMethod src/hotspot/share/prims/jniCheck.cpp:1342
#9 0x7fa0e225a05b in invokeStaticMainWithArgs src/java.base/share/native/libjli/java.c:392
#10 0x7fa0e225dcef in JavaMain src/java.base/share/native/libjli/java.c:640
#11 0x7fa0e2262fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#12 0x7fa0e22d9ff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T1 created by T0 here:
#0 0x7fa0e236a191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa0e2264928 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x7fa0e2260580 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x7fa0e2261edd in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x5589f6afc0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x7fa0e208c1fc in __libc_start_main (/lib64/libc.so.6+0x351fc) (BuildId: 2c8359b67579ed1cba5cce7875abfd60fa954ca7)
SUMMARY: AddressSanitizer: heap-buffer-overflow src/hotspot/share/memory/guardedMemory.hpp:152 in GuardedMemory::GuardHeader::get_tag() const
Shadow bytes around the buggy address:
0x503000045a00: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
0x503000045a80: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
0x503000045b00: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
0x503000045b80: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
0x503000045c00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
=>0x503000045c80: fd fa fa fa fd fd fd fa[fa]fa 00 00 04 fa fa fa
0x503000045d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x503000045d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x503000045e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x503000045e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x503000045f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==37362==ABORTING
]
exitValue = 1
- links to
- Commit(master) openjdk/jdk/67ba8b45
- Review(master) openjdk/jdk/26598