JDK-8267908: linux: thread_native_entry can scribble on stack frame


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 17
    • Fix Version/s: 17
    • Component/s: hotspot
    • Resolved In Build: b26
    • CPU: generic
    • OS: linux

      Description

      Looking at https://github.com/openjdk/jdk/blob/master/src/hotspot/os/linux/os_linux.cpp#L675

      there is

        void *stackmem = alloca(((pid ^ counter++) & 7) * 128);
        // Ensure the alloca result is used in a way that prevents the compiler from eliding it.
        *(char *)stackmem = 1;

      If the expression supplied to alloca is 0, then no additional space is allocated in the frame and the returned pointer points at whatever is at SP. If space was allocated by the alloca, then that is space that can be written on by the assignment through stackmem. If space was not allocated by alloca, then writing through stackmem writes on whatever is pointed to by SP, which is "Probably Not Good"(TM).

      This issue won't happen often, given the math around pid and the counter, but it is possible. A fix might be to make sure that the math never returns 0.

      Discovered by inspection.  Creating a reproducible test case would be difficult.
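      The following is an added illustration (editor's code, not from the JDK sources or from the bug report). It reproduces the sizing arithmetic quoted above, counts how often it yields 0 for small pid/counter values, and shows one way to satisfy the suggestion that "the math never returns 0" by keeping the same eight cache-line offsets but shifting them to 128..1024 bytes. That hardened formula (safe_pad_size) is the editor's assumption for demonstration purposes and is not the change that was committed to fix this issue.

```c
/* Added example (not JDK code): why the alloca() size in thread_native_entry
 * can be zero, and one way to guarantee a non-zero size.  safe_pad_size is
 * an illustrative assumption, not the upstream fix. */
#include <alloca.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizing arithmetic as quoted from os_linux.cpp: ((pid ^ counter) & 7) * 128.
 * Yields 0 whenever pid and counter agree in their low three bits. */
size_t original_pad_size(int pid, int counter) {
    return (size_t)(((pid ^ counter) & 7) * 128);
}

/* Hardened variant (assumption, not the committed fix): same 8-way spread of
 * cache-line offsets, but the smallest reservation is one 128-byte line, so
 * the pointer alloca() returns always refers to freshly reserved space. */
size_t safe_pad_size(int pid, int counter) {
    return (size_t)((((pid ^ counter) & 7) + 1) * 128);
}

/* Count the (pid, counter) pairs in 0..63 x 0..63 for which the given
 * sizing function reserves nothing at all. */
int count_zero_sized(size_t (*pad)(int, int)) {
    int zeros = 0;
    for (int pid = 0; pid < 64; pid++)
        for (int counter = 0; counter < 64; counter++)
            if (pad(pid, counter) == 0) zeros++;
    return zeros;
}

/* Stand-in for the thread entry: reserve the pad and touch it.  Because the
 * size is never zero, both stores land inside the alloca'd region rather
 * than on whatever the stack pointer currently addresses. */
size_t touch_pad(int pid, int counter) {
    size_t n = safe_pad_size(pid, counter);
    char *stackmem = (char *)alloca(n);
    memset(stackmem, 0, n);
    stackmem[0] = 1;       /* same "keep the alloca alive" store as the JDK */
    stackmem[n - 1] = 1;   /* last byte is still inside the reservation */
    return n;
}

int main(void) {
    printf("original formula: %d of 4096 (pid, counter) pairs reserve 0 bytes\n",
           count_zero_sized(original_pad_size));
    printf("hardened formula: %d of 4096 pairs reserve 0 bytes\n",
           count_zero_sized(safe_pad_size));
    printf("pid=8, counter=8: original=%zu bytes, hardened=%zu bytes\n",
           original_pad_size(8, 8), safe_pad_size(8, 8));
    return 0;
}
```

      With the quoted arithmetic, one pair in eight (512 of the 4096 small pid/counter combinations) reserves zero bytes, which is exactly the case the report describes; the shifted formula never does, and the randomizing effect on cache-line placement is unchanged.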

              People

              Assignee: dholmes (David Holmes)
              Reporter: pbk (Peter Kessler)
              Votes: 0
              Watchers: 5
