-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
P4
-
None
-
Affects Version/s: 8u471
-
Component/s: hotspot
-
x86_64
-
linux
ADDITIONAL SYSTEM INFORMATION :
openjdk version "1.8.0_452"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_452-b09)
OpenJDK 64-Bit Server VM (Temurin)(build 25.452-b09, mixed mode)
A DESCRIPTION OF THE PROBLEM :
I have discovered a potential issue in the HotSpot JVM (OpenJDK 8u452) via differential testing. When the JVM is started with the flag -XX:PerfMaxStringConstLength set to a value exceeding the range of a signed 32-bit integer (specifically 3526523900), the JVM crashes immediately with a SIGSEGV in libc.so.6.
Discrepancy:
HotSpot (8u452): Crashes with a segmentation fault during startup.
Reference (OpenJ9 8u442): Starts and terminates successfully (prints nothing, as the main method is empty).
The crash appears to occur during the initialization of the performance data subsystem (hsperfdata). The provided value 3526523900 (approx 3.5GB) likely triggers an integer overflow or an unsafe memory allocation request, leading to the crash in the C runtime library.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
javac EmptyTemplateTarget.java
java -XX:PerfMaxStringConstLength=3526523900 EmptyTemplateTarget
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The JVM should initialize and run the program successfully (exiting with code 0), or fail gracefully with a descriptive error message indicating that the specified parameter value is invalid or too large.
Reference Output (Eclipse OpenJ9): (Process exits with code 0 and no output)
ACTUAL -
The HotSpot JVM crashes immediately with a SIGSEGV.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fb1ea18aae1, pid=16534, tid=0x00007fb1e8dff640
#
# JRE version: (8.0_452-b09) (build )
# Java VM: OpenJDK 64-Bit Server VM (25.452-b09 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C [libc.so.6+0x1b3ae1]
#
# Core dump written. Default location: /home/Project/Bug_Valid/TESTDIR/test1/core or core.16534
#
# An error report file with more information is saved as:
# /home/Project/Bug_Valid/TESTDIR/test1/hs_err_pid16534.log
#
...
Aborted (core dumped)
---------- BEGIN SOURCE ----------
public class EmptyTemplateTarget {
public static void main(String[] args) {
}
}
---------- END SOURCE ----------
openjdk version "1.8.0_452"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_452-b09)
OpenJDK 64-Bit Server VM (Temurin)(build 25.452-b09, mixed mode)
A DESCRIPTION OF THE PROBLEM :
I have discovered a potential issue in the HotSpot JVM (OpenJDK 8u452) via differential testing. When the JVM is started with the flag -XX:PerfMaxStringConstLength set to a value exceeding the range of a signed 32-bit integer (specifically 3526523900), the JVM crashes immediately with a SIGSEGV in libc.so.6.
Discrepancy:
HotSpot (8u452): Crashes with a segmentation fault during startup.
Reference (OpenJ9 8u442): Starts and terminates successfully (prints nothing, as the main method is empty).
The crash appears to occur during the initialization of the performance data subsystem (hsperfdata). The provided value 3526523900 (approx 3.5GB) likely triggers an integer overflow or an unsafe memory allocation request, leading to the crash in the C runtime library.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
javac EmptyTemplateTarget.java
java -XX:PerfMaxStringConstLength=3526523900 EmptyTemplateTarget
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The JVM should initialize and run the program successfully (exiting with code 0), or fail gracefully with a descriptive error message indicating that the specified parameter value is invalid or too large.
Reference Output (Eclipse OpenJ9): (Process exits with code 0 and no output)
ACTUAL -
The HotSpot JVM crashes immediately with a SIGSEGV.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fb1ea18aae1, pid=16534, tid=0x00007fb1e8dff640
#
# JRE version: (8.0_452-b09) (build )
# Java VM: OpenJDK 64-Bit Server VM (25.452-b09 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C [libc.so.6+0x1b3ae1]
#
# Core dump written. Default location: /home/Project/Bug_Valid/TESTDIR/test1/core or core.16534
#
# An error report file with more information is saved as:
# /home/Project/Bug_Valid/TESTDIR/test1/hs_err_pid16534.log
#
...
Aborted (core dumped)
---------- BEGIN SOURCE ----------
public class EmptyTemplateTarget {
public static void main(String[] args) {
}
}
---------- END SOURCE ----------
- duplicates
-
JDK-8078556 Runtime: implement ranges (optionally constraints) for those flags that have them missing
-
- Resolved
-