JDK-8234691 : Potential double-free in ParallelSPCleanupTask constructor
- Type: Bug
- Component: hotspot
- Sub-Component: runtime
- Affected Version: 14
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2019-11-23
- Updated: 2021-04-22
- Resolved: 2020-04-21
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 15 |
|---|---|---|
| 11.0.8-oracleFixed | 13.0.8Fixed | 15 b20Fixed  |
Related Reports
|
Relates :
|
|
|
Relates :
|
Description
The ParallelSPCleanupTask class has a SubTasksDone member _subtasks. The constructor for ParallelSPCleanupTask initializes that member in the initializer list to a freshly constructed rvalue SubTasksDone. Fortunately, that extra SubTasksDone object is completely optimized away via RVO on most or all platforms, since SubTasksDone presently has a default copy constructor. Without the RVO optimization we'd have a double-free of the internal array in the SubTasksDone object that gets constructed by the normal constructor and deleted by the destructor. (SubTasksDone probably ought to be noncopyable; that would have prevented the problem code from compiling in the first place.)
Comments
|