JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()

Details

• Subcomponent: jfr
• Resolved In Build: b04

Description

https://mail.openjdk.java.net/pipermail/hotspot-jfr-dev/2018-May/000047.html

I tried JFR: `java -XX:StartFlightRecording=dumponexit=true,filename=test.jfr --version` with a fastdebug VM, but it crashed.
I uploaded the hs_err log here:

   http://cr.openjdk.java.net/~ysuenaga/jfr-integer-overflow/hs_err_pid46934.log

I encountered this crash on Fedora 28 x64. The VM was built with GCC 8.1.

I checked the core image, and I found a possibility of integer overflow in JfrThreadSampler::run().
I paste the GDB frame info below:

```
(gdb) f 24
#24 0x00007f657a5937b7 in os::naked_short_sleep (ms=9223372036854775807)
     at /home/ysuenaga/OpenJDK/jdk/src/hotspot/os/linux/os_linux.cpp:4076
4076 assert(ms < 1000, "Un-interruptable sleep, short time use only");
(gdb) p/x ms
$1 = 0x7fffffffffffffff
```

Frame #24 is the assertion which caused this crash.
`ms` is max_jlong.
JfrThreadSampler::run() calculates `next_j` and `next_n` to calculate the sleep time, but they might overflow.

So I think it can be fixed as below:
   http://cr.openjdk.java.net/~ysuenaga/jfr-integer-overflow/webrev/
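The failure mode above, as an added illustration that is not the JDK's code nor the linked webrev: a hypothetical sampler loop encodes a disabled sampler as a max_jlong period, so the naive `next_j`/`next_n` arithmetic can pass max_jlong (or, with a skewed timestamp, undefined signed overflow) to a short-sleep routine whose precondition is `ms < 1000`. `SamplerState`, `naive_sleep_ms`, `add_saturating` and `bounded_sleep_ms` are constructed names; the bounded version saturates the additions and clamps the sleep to the short-sleep limit.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>

typedef int64_t jlong;
static const jlong max_jlong = INT64_MAX;
// Constructed stand-in for the precondition in the quoted assertion (ms < 1000).
static const jlong kShortSleepLimitMs = 1000;

// Hypothetical model of a sampler loop's wait computation (not the JDK code):
// a disabled sampler has period max_jlong, and the thread sleeps until the
// nearer of the two next deadlines.
struct SamplerState {
  jlong java_period_ms;    // max_jlong when Java sampling is off
  jlong native_period_ms;  // max_jlong when native sampling is off
  jlong last_java_ms;      // monotonic ms of the last Java sample
  jlong last_native_ms;    // monotonic ms of the last native sample
};

// Naive computation: the sentinel flows straight through, so with both samplers
// off the result is max_jlong; if a timestamp is ahead of now_ms the addition
// overflows, which is undefined behaviour for signed integers in C++.
jlong naive_sleep_ms(const SamplerState& s, jlong now_ms) {
  jlong next_j = s.java_period_ms + (s.last_java_ms - now_ms);
  jlong next_n = s.native_period_ms + (s.last_native_ms - now_ms);
  return std::min(next_j, next_n);
}

// Checked addition that saturates instead of wrapping (GCC/Clang builtin).
static jlong add_saturating(jlong a, jlong b) {
  jlong r;
  if (__builtin_add_overflow(a, b, &r)) return b > 0 ? max_jlong : INT64_MIN;
  return r;
}

// Bounded computation: saturate each deadline, treat an elapsed deadline as
// "sample now", and never hand more than a short sleep to the OS layer.
// (last_*_ms - now_ms cannot overflow for realistic monotonic ms values.)
jlong bounded_sleep_ms(const SamplerState& s, jlong now_ms) {
  jlong next_j = add_saturating(s.java_period_ms, s.last_java_ms - now_ms);
  jlong next_n = add_saturating(s.native_period_ms, s.last_native_ms - now_ms);
  jlong wait = std::min(next_j, next_n);
  if (wait <= 0) return 0;
  return std::min(wait, kShortSleepLimitMs - 1);
}

int main() {
  SamplerState both_off = {max_jlong, max_jlong, 100, 100};  // constructed input
  std::cout << "naive: " << naive_sleep_ms(both_off, 100)      // max_jlong
            << " bounded: " << bounded_sleep_ms(both_off, 100) << "\n";  // 999
}
```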

People

• Assignee: Yasumasa Suenaga
• Reporter: Yasumasa Suenaga