JDK-8355896 : Lossy narrowing cast of JVMCINMethodData::size
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 25
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-04-29
  • Updated: 2025-05-06
  • Resolved: 2025-05-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 25
25 masterFixed
Related Reports
Relates :  
JDK-8343789 - Move mutable nmethod data out of CodeCache
Relates :  
JDK-8355034 - [JVMCI] assert(static_cast(_jvmci_data_size) == align_up(compiler->is_jvmci() ? jvmci_data->size() : 0, oopSize)) failed: failed: 104 != 16777320
Description
In JDK-8343789, the 32-bit int value returned by JVMCINMethodData::size was cast to a uint_16. This value is used to compute the offset of the JVMCINMethodData chunk in  CodeBlob::_mutable_data. The allocation of memory for CodeBlob::_mutable_data on the other hand, uses JVMCINMethodData::size without any casting. This inconsistency results in memory being written out of bounds in the case where a very long name is attached to JVMCI installed code (see JDK-8355034).

I think the right fix is to revert nmethod::_jvmci_data_size back to an int.
Comments
Changeset: aea28371 Branch: master Author: Boris Ulasevich <bulasevich@openjdk.org> Date: 2025-05-06 01:26:15 +0000 URL: https://git.openjdk.org/jdk/commit/aea2837143289800cfbb7044de4f105e87e233ff
06-05-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/24965 Date: 2025-04-30 13:10:19 +0000
30-04-2025
ILW = same as JDK-8355034 = HLM = P3
29-04-2025