8180813: Null pointer dereference of CodeCache::find_blob() result
author: thartmann
Wed, 24 May 2017 16:53:58 +0200
changeset 45325 2cded43c8842
parent 45246 9e1b29faefa9
child 45326 9bf9d38e7dbe
8180813: Null pointer dereference of CodeCache::find_blob() result Summary: Added the null checks that were missing on the result of CodeCache::find_blob(), as reported by the Parfait static analyzer. Reviewed-by: shade, kvn
hotspot/src/share/vm/code/relocInfo.cpp
hotspot/src/share/vm/runtime/sharedRuntime.cpp
--- a/hotspot/src/share/vm/code/relocInfo.cpp	Mon May 22 15:28:12 2017 -0700
+++ b/hotspot/src/share/vm/code/relocInfo.cpp	Wed May 24 16:53:58 2017 +0200
@@ -129,9 +129,9 @@
   if (nm == NULL && begin != NULL) {
     // allow nmethod to be deduced from beginning address
     CodeBlob* cb = CodeCache::find_blob(begin);
-    nm = cb->as_compiled_method_or_null();
+    nm = (cb != NULL) ? cb->as_compiled_method_or_null() : NULL;
   }
-  assert(nm != NULL, "must be able to deduce nmethod from other arguments");
+  guarantee(nm != NULL, "must be able to deduce nmethod from other arguments");
 
   _code    = nm;
   _current = nm->relocation_begin() - 1;
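Review bot: The guarantee introduced on the new line 20 aborts without reporting which address failed to resolve, and that address is the one fact a crash report needs, so format `begin` into the message the way the sharedRuntime.cpp hunks below print addresses: `guarantee(nm != NULL, "must be able to deduce nmethod from other arguments (begin=" INTPTR_FORMAT ")", p2i(begin));`. The assert-to-guarantee switch is also worth a one-line why-comment, since a later reader may be tempted to turn it back: `// guarantee, not assert: nm is dereferenced unconditionally below, so a product build must fail here rather than on a null pointer`. The null-safe ternary on line 17 means a `begin` that maps to no blob, or to a blob that is not a compiled method, now ends in this guarantee rather than in a null dereference, which is the intended behaviour but should be stated. The enclosing function starts before this hunk.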
--- a/hotspot/src/share/vm/runtime/sharedRuntime.cpp	Mon May 22 15:28:12 2017 -0700
+++ b/hotspot/src/share/vm/runtime/sharedRuntime.cpp	Wed May 24 16:53:58 2017 +0200
@@ -549,7 +549,7 @@
   CodeBlob *cb = CodeCache::find_blob(pc);
 
   // Should be an nmethod
-  assert(cb && cb->is_compiled(), "safepoint polling: pc must refer to an nmethod");
+  guarantee(cb != NULL && cb->is_compiled(), "safepoint polling: pc must refer to an nmethod");
 
   // Look up the relocation information
   assert(((CompiledMethod*)cb)->is_at_poll_or_poll_return(pc),
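Review bot: The second precondition on line 34 stays a debug-only assert, so in a product build a pc that lies inside a compiled method but not at a poll or poll-return site now passes the new guarantee on line 31 and continues into the relocation lookup unchecked; if the pc here presumably comes from the fault context, consider giving it the same treatment, `guarantee(((CompiledMethod*)cb)->is_at_poll_or_poll_return(pc), "safepoint polling: pc must be at a poll or poll return");`, provided the relocation scan is affordable on this path. As a point of style, the C-style `(CompiledMethod*)cb` downcast could use the typed accessor this commit relies on elsewhere, `CompiledMethod* cm = cb->as_compiled_method_or_null();` followed by the guarantee on `cm != NULL`, which removes the cast entirely. The enclosing function starts before and continues after this hunk.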
@@ -1802,7 +1802,7 @@
   if (destination != entry_point) {
     CodeBlob* callee = CodeCache::find_blob(destination);
     // callee == cb seems weird. It means calling interpreter thru stub.
-    if (callee == cb || callee->is_adapter_blob()) {
+    if (callee != NULL && (callee == cb || callee->is_adapter_blob())) {
       // static call or optimized virtual
       if (TraceCallFixup) {
         tty->print("fixup callsite           at " INTPTR_FORMAT " to compiled code for", p2i(caller_pc));
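Review bot: With the new condition on line 40 a `destination` that resolves to no code blob is skipped silently, whereas the other two hunks in this commit treat the same condition as a guarantee failure; if such a destination is genuinely unexpected, a debug-only assert before the `if` would keep catching it without changing product behaviour: `assert(callee != NULL, "call destination " INTPTR_FORMAT " not in code cache", p2i(destination));`. If instead the null case is a legitimate one (a target outside the code cache that needs no fixup), that deserves a comment on line 40, e.g. `// callee == NULL: destination is not in the code cache, nothing to fix up`, because the skip is otherwise indistinguishable from a missed corruption. The enclosing function starts before this hunk and the `if` body continues past it.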
@@ -1851,7 +1851,7 @@
   // ask me how I know this...
 
   CodeBlob* cb = CodeCache::find_blob(caller_pc);
-  if (!cb->is_compiled() || entry_point == moop->get_c2i_entry()) {
+  if (cb == NULL || !cb->is_compiled() || entry_point == moop->get_c2i_entry()) {
     return;
   }