JDK-6271042 : libmawt.so: umem allocator: redzone violation: write past end of buffer
  • Type: Bug
  • Component: client-libs
  • Sub-Component: java.awt
  • Affected Version: 6
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris
  • CPU: sparc
  • Submitted: 2005-05-16
  • Updated: 2006-04-06
  • Resolved: 2005-07-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 b43Fixed
Related Reports
Relates :  
JDK-6269884 - Regression: Multibyte Text can not be displayed in title bar of JFrame, Message box, and JDialog
Description
% ksh
$ export JAVA_HOME /java/re/jdk/6.0/promoted/ea/b36/binaries/solaris-sparc/fastdebug
$ export LIBTHREAD_ERROR_DETECTION=2
$ export UMEM_DEBUG="audit,contents,guards,verbose"
$ export UMEM_LOGGING="transaction=64k"
$ export LD_PRELOAD="libumem.so.1"
$ $JAVA_HOME/bin/java -jar $JAVA_HOME/demo/jfc/SwingSet2/SwingSet2.jar
Warning:  Cannot open log file: hotspot.log
Warning:  Forcing option -XX:LogFile=/tmp//hs_pid745.log
default to Motif 2.1, os is: 5.9
default to Motif 2.1, os is: 5.9
umem allocator: redzone violation: write past end of buffer
buffer=a17a0  bufctl=c77e8  cache: umem_alloc_16
previous transaction on buffer a17a0:
thread=1  time=T-0.000334054  slab=6bda0  cache: umem_alloc_16
libumem.so.1'umem_cache_alloc+0x13c
libumem.so.1'umem_alloc+0x44
libumem.so.1'malloc+0x2c
libmawt.so'Java_sun_awt_X11_XlibWrapper_SetProperty+0x70
?? (0xf80115fc)
?? (0xf80114d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
umem: heap corruption detected
stack trace:
libumem.so.1'?? (0xff3654c8)
libumem.so.1'?? (0xff363868)
libumem.so.1'free+0x38
libmawt.so'Java_sun_awt_X11_XlibWrapper_SetProperty+0xd8
?? (0xf80115fc)
?? (0xf80114d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80058f0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80057d0)
?? (0xf80002cc)
libjvm.so'?? (0xfe0017d8)
libjvm.so'?? (0xfe076c88)
java'main+0x77c
java'_start+0x108
Abort

###@###.### 2005-05-16 19:26:19 GMT
Comments
EVALUATION Confirming the cause: inside of XlibWrapper_SetProperty, if length is 0, the memory for list buffer has zero length, however we do unconditional assignment to the first entry. ###@###.### 2005-05-17 11:40:10 GMT
17-05-2005
SUGGESTED FIX j2se/src/solaris/native/sun/xawt/XlibWrapper.cc has: 647 list = malloc(length * sizeof(char*)); // Definitely not bigger than This is too small by at least sizeof (cname) since cname is stored at base of list (refer to line 651) before while() loop starts (lines 653...660) ###@###.### 2005-05-16 19:26:19 GMT
16-05-2005