Bug 138306
| Field | Value |
|---|---|
| Summary | Heap corruption occurs during call to JNI_CreateJavaVM |
| Product | Red Hat Enterprise Linux 3 |
| Component | glibc |
| Version | 3.0 |
| Hardware | i686 |
| OS | Linux |
| Status | CLOSED NOTABUG |
| Severity | high |
| Priority | medium |
| Reporter | Matthew Gregan [:kinetik] <kinetik> |
| Assignee | Jakub Jelinek <jakub> |
| QA Contact | Brian Brock <bbrock> |
| CC | shillman |
| Target Milestone | --- |
| Target Release | --- |
| Doc Type | Bug Fix |
| Last Closed | 2004-11-17 21:58:16 UTC |
Description
Matthew Gregan [:kinetik]
2004-11-08 00:58:26 UTC
Created attachment 106265: Testcase
The chances this is a bug in Sun JDK are way bigger. If I LD_PRELOAD=libefence.so.0, I always see a crash in apparently JIT-created code that does:

    0x00fdfa1e: mov %eax,0xffffd000(%esp)

This is invalid: on i386 it is never allowed to access memory below the stack, and the kernel rightfully kills the process with SIGSEGV. This is not code created by glibc (glibc never creates executable code in malloced memory), but JDK, therefore the bug is in there.

With MALLOC_CHECK_=3 I see:

    #0 0x00562cdf in raise () from /lib/tls/libc.so.6
    #1 0x005644e5 in abort () from /lib/tls/libc.so.6
    #2 0x005ae729 in malloc_check () from /lib/tls/libc.so.6
    #3 0x005ac4fd in calloc () from /lib/tls/libc.so.6
    #4 0x006a95cf in ZIP_Close () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
    #5 0x006a9bf7 in ZIP_GetEntry () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
    #6 0x006aa135 in ZIP_FindEntry () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
    #7 0x0025d620 in ClassPathZipEntry::open_stream () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/client/libjvm.so
    #8 0x0025e525 in ClassLoader::load_classfile () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/client/libjvm.so
    ...

Even the MALLOC_CHECK_=3 failures look like bugs in JDK. But it is really hard to debug this without JDK's source, so it is something that Sun should debug and fix.
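A small triage helper that applies the reasoning in the comment above (in a MALLOC_CHECK_ abort, the raise/abort/malloc_check/calloc frames only report a damaged chunk; the first frame outside glibc is the code that handed it over). It is an added example, not part of the bug report or of glibc; the pattern used to recognise glibc's own objects in is_glibc is an assumption, and the sample backtrace is the one quoted in the comment.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# gdb frame line: "#4 0x006a95cf in ZIP_Close () from /path/libzip.so" (or "#7 func () at file.c:12")
FRAME_RE = re.compile(r"#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S+)\s*\(.*?\)"
                      r"(?:\s+from\s+(?P<lib>\S+))?")
# Backtrace quoted from the comment above, embedded here as the sample input.
SAMPLE_BACKTRACE = """
#0 0x00562cdf in raise () from /lib/tls/libc.so.6
#1 0x005644e5 in abort () from /lib/tls/libc.so.6
#2 0x005ae729 in malloc_check () from /lib/tls/libc.so.6
#3 0x005ac4fd in calloc () from /lib/tls/libc.so.6
#4 0x006a95cf in ZIP_Close () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
#5 0x006a9bf7 in ZIP_GetEntry () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
#6 0x006aa135 in ZIP_FindEntry () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/libzip.so
#7 0x0025d620 in ClassPathZipEntry::open_stream () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/client/libjvm.so
#8 0x0025e525 in ClassLoader::load_classfile () from /tmp/usr/java/j2sdk1.4.2_06/jre/lib/i386/client/libjvm.so
...
"""
@dataclass
class Frame:
    idx: int
    func: str
    lib: Optional[str]  # None when gdb printed "at file:line" instead of "from <lib>"

def parse_backtrace(text: str) -> List[Frame]:
    """Parse gdb 'bt' output into frames; non-frame lines such as '...' are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(int(m.group("idx")), m.group("func"), m.group("lib")))
    return frames

def is_glibc(frame: Frame) -> bool:
    # glibc objects (libc.so.6, libc-2.x.so, libpthread, ld-linux); naming is assumed, adjust per distro
    return frame.lib is not None and re.search(r"/(libc[.-]|libpthread|ld-linux)", frame.lib) is not None

def suspect_frame(frames: List[Frame]) -> Optional[Frame]:
    """First frame outside glibc: the allocator's own frames only detect the damaged chunk,
    the first non-glibc caller (ZIP_Close in libzip.so here) is where to start looking."""
    for f in frames:
        if not is_glibc(f):
            return f
    return None

def blame_module(text: str) -> Optional[str]:
    f = suspect_frame(parse_backtrace(text))
    return f.lib.rsplit("/", 1)[-1] if f and f.lib else None
```

Running blame_module over the sample backtrace names libzip.so, which matches the comment's conclusion that the corruption originates in the JDK's own native code rather than in glibc.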