On Tue, 16 Dec 2025 18:47:34 GMT, Jorn Vernee <[email protected]> wrote:

> ASAN correctly detected a use-after-free in this test.
> 
> The issue is that an async `ScopedAccessError` is thrown while executing Java 
> code as part of a JVMTI callback. This exception is meant to unwind out of a 
> scoped memory access, to prevent access to memory that has already been 
> freed. But, currently the native agent code is printing and clearing the 
> exception, which doesn't prevent the memory access from occurring, leading to 
> a use-after-free.
> 
> Ideally, the agent should propagate the exception to the place in the Java 
> code where the JVMTI event happens, but it is not possible to exit the 
> callback with a pending exception, and AFAICT there is no JVMTI API for 
> propagating async exceptions that are thrown during a JVMTI callback. So, the 
> only sane thing the test can do is exit the process, which is what I've 
> implemented here.
> 
> This fixes the test, but it leaves the larger question of how JVMTI agents 
> should deal with async exceptions unresolved.

The updated logic in the test looks clear. And it properly prevents the 
ASAN-identified access from happening.

test/jdk/java/foreign/sharedclosejvmti/libSharedCloseAgent.cpp line 109:

> 107:     jni_env->ExceptionDescribe();
> 108:     if (jni_env->IsInstanceOf(ex, EXCEPTION_CLS)) {
> 109:       exit(0); // success

Just curious, does this just terminate the agent? If this terminates the JVM, 
how is the checked string printed:

output.stderrShouldContain("Exception in thread \"Trigger\" jdk.internal.misc.ScopedMemoryAccess$ScopedAccessError: Invalid memory access");

test/jdk/java/foreign/sharedclosejvmti/libSharedCloseAgent.cpp line 115:

> 113:   }
> 114: 
> 115:   jvmti_env->Deallocate((unsigned char*) method_name);

We can move the 2 Deallocate to right above CallStaticVoidMethod.

-------------

Marked as reviewed by liach (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28853#pullrequestreview-3585028117
PR Review Comment: https://git.openjdk.org/jdk/pull/28853#discussion_r2624622160
PR Review Comment: https://git.openjdk.org/jdk/pull/28853#discussion_r2624619545