Bug
Resolution: Unresolved
P4
None
25
Fix Understood
generic
generic
A DESCRIPTION OF THE PROBLEM :
defineClass version accepts a ByteBuffer that could be freed. It is now made possible by using FFM.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the program.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Some exception is thrown.
ACTUAL -
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00007ff93b8ba653, pid=6124, tid=1228
#
# JRE version: OpenJDK Runtime Environment (25.0+30) (build 25-ea+30-3419)
# Java VM: OpenJDK 64-Bit Server VM (25-ea+30-3419, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, windows-amd64)
# Problematic frame:
# V [jvm.dll+0x28a653]
#
# No core dump will be written. Minidumps are not enabled by default on client versions of Windows
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: -Djava.file.encoding=UTF-8 -Dstderr.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 --enable-preview -Dfile.encoding=UTF-8 -Duser.country=US -Duser.language=en -Duser.variant DefineClassCrash
[...]
--------------- T H R E A D ---------------
Current thread (0x000002037a24d970): JavaThread "Thread-0" [_thread_in_vm, id=1228, stack(0x0000004cd9d00000,0x0000004cd9e00000) (1024K)]
Stack: [0x0000004cd9d00000,0x0000004cd9e00000], sp=0x0000004cd9dfe480, free space=1017k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [jvm.dll+0x28a653] (no source info available)
V [jvm.dll+0x280836] (no source info available)
V [jvm.dll+0x6684e1] (no source info available)
V [jvm.dll+0x8d4cc6] (no source info available)
V [jvm.dll+0x5191c2] (no source info available)
V [jvm.dll+0x51ec38] (no source info available)
C [java.dll+0x1961] (no source info available)
C 0x0000020349cad193 (no source info available)
The last pc belongs to native method entry point (kind = native) (printed below).
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j java.lang.ClassLoader.defineClass2(Ljava/lang/ClassLoader;Ljava/lang/String;Ljava/nio/ByteBuffer;IILjava/security/ProtectionDomain;Ljava/lang/String;)Ljava/lang/Class;+0 java.base@25-ea
j java.lang.ClassLoader.defineClass(Ljava/lang/String;Ljava/nio/ByteBuffer;Ljava/security/ProtectionDomain;)Ljava/lang/Class;+93 java.base@25-ea
j DefineClassCrash$1.crash()V+59
j DefineClassCrash.lambda$main$0(LDefineClassCrash$1;)V+1
j DefineClassCrash$$Lambda+0x000000003f040510.run()V+4
j java.lang.Thread.runWith(Ljava/lang/Object;Ljava/lang/Runnable;)V+5 java.base@25-ea
j java.lang.Thread.run()V+19 java.base@25-ea
v ~StubRoutines::call_stub 0x0000020349ca12ed
siginfo: EXCEPTION_ACCESS_VIOLATION (0xc0000005), reading address 0x000002037a28be40
---------- BEGIN SOURCE ----------
import java.lang.foreign.Arena;
import java.util.concurrent.ThreadLocalRandom;

public class DefineClassCrash {
    public static void main(String[] args) {
        var cl = new ClassLoader() {
            void crash() {
                var arena = Arena.ofConfined();
                int size = 65536;
                // Direct ByteBuffer view over off-heap memory owned by the arena
                var byteBuffer = arena.allocate(size).asByteBuffer();
                for (int i = 0; i < size; i += Long.BYTES) {
                    byteBuffer.putLong(i, ThreadLocalRandom.current().nextLong());
                }
                // Free the backing memory, then pass the stale buffer to defineClass
                arena.close();
                defineClass(null, byteBuffer, null);
            }
        };
        // Repeat the sequence from 8 platform threads until the VM crashes
        for (int i = 0; i < 8; i++) {
            Thread.ofPlatform().start(() -> {
                while (true) {
                    try {
                        cl.crash();
                    } catch (Throwable ignored) {
                    }
                    try {
                        Thread.sleep(1L);
                    } catch (InterruptedException e) {
                    }
                }
            });
        }
    }
}
---------- END SOURCE ----------
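A caller-side guard for the situation in this report, as an added example that is not part of the original report and is not JDK code: the hypothetical `CopyingLoader` copies the buffer into a heap array through the ByteBuffer API before calling `defineClass`, so a buffer whose arena is already closed is rejected with an `IllegalStateException` in Java code instead of being read by the VM. The class and method names are assumptions made for this example.

```java
import java.lang.foreign.Arena;
import java.nio.ByteBuffer;
import java.security.ProtectionDomain;

public class SafeDefineClass {

    /** Hypothetical loader (not JDK code) that never hands an off-heap buffer to the VM. */
    static final class CopyingLoader extends ClassLoader {
        Class<?> defineFrom(String name, ByteBuffer src, ProtectionDomain pd) {
            // Copy through the ByteBuffer API so the memory-session liveness
            // check runs in Java; a closed arena raises IllegalStateException here.
            byte[] copy = new byte[src.remaining()];
            src.duplicate().get(copy);
            // The VM now parses heap memory that cannot be freed underneath it.
            return defineClass(name, copy, 0, copy.length, pd);
        }
    }

    /** Returns the simple name of the throwable raised for the buffer, or "defined". */
    static String outcome(CopyingLoader loader, ByteBuffer buf) {
        try {
            loader.defineFrom(null, buf, null);
            return "defined";
        } catch (Throwable t) {
            return t.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        var loader = new CopyingLoader();

        // Case 1: arena still open; the constructed all-zero bytes are not a class file.
        try (var arena = Arena.ofConfined()) {
            ByteBuffer live = arena.allocate(64).asByteBuffer();
            System.out.println("live buffer:  " + outcome(loader, live));
        }

        // Case 2: the sequence from the report, buffer used after arena.close().
        var arena = Arena.ofConfined();
        ByteBuffer stale = arena.allocate(64).asByteBuffer();
        arena.close();
        System.out.println("freed buffer: " + outcome(loader, stale));
    }
}
```

The copy costs one extra pass over the class bytes; in exchange, both failure modes surface as ordinary Java throwables that the caller can log and handle.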
relates to
JDK-8357145 CRC/Inflater/Deflater/Adler32 methods that take a ByteBuffer throw UOE if backed by shared memory segment (Resolved)
links to
Review(master) openjdk/jdk/26724