JDK-8269859 : BacktraceBuilder._cprefs needs to be accessed as unsigned short
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 8
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-07-05
  • Updated: 2021-08-18
  • Resolved: 2021-08-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
openjdk8u312 teamFixed
Related Reports
Relates :  
JDK-8140685 - Fix backtrace building to not rely on constant pool merging
Relates :  
JDK-8194246 - JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
Description
This is similar to the issue fixed (and hopefully backported to 8) with JDK-8194246. That one fixed the "methods" array that is declared as "short[]", handles "u2" elements, but mistakenly accessed as "short", not "ushort".

There is a similar trouble with "cprefs" array, that is declared as "short[]", handles "u2" elements, and yet again accessed as "short". Note that JDK-8140685 rewired this to short T_LONG/T_INT as the Symbol* address.

This means we have a problem in 8u, but not anywhere else.

This is fairly easy to reproduce on the test case from JDK-8194246, if we simulate redefinition by doing this:

   // The method can be NULL if the requested class version is gone
-  Symbol* sym = (method != NULL) ? method->name() : holder->constants()->symbol_at(cpref);
+  Symbol* sym = holder->constants()->symbol_at(cpref);

Then the same out-of-bounds assert fires, now at cpref-taking path.
Comments
URL: https://hg.openjdk.java.net/jdk8u/jdk8u-dev/hotspot/rev/21394894714b User: shade Date: 2021-08-18 09:17:59 +0000
18-08-2021
Fix Request (8u) This is a symmetric follow-up for JDK-8194246. This is a 8u-specific patch, 8u RFR is acked by phh.
09-08-2021
8u variant: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014074.html
05-07-2021