8360664: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object()

[savoptik]

The defect has been detected and confirmed in the function IterateOverHeapObjectClosure::do_object() located in the file src/hotspot/share/prims/jvmtiTagMap.cpp with static code analysis. This defect can potentially lead to a null pointer dereference.

The pointer oop o is passed to the constructor of the CallbackWrapper class, where it is dereferenced without a null check.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issues

• JDK-8360664: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object() (Bug - P4)
• JDK-8360670: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateThroughHeapObjectClosure::do_object() (Bug - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/26002/head:pull/26002
$ git checkout pull/26002

Update a local copy of the PR:
$ git checkout pull/26002
$ git pull https://git.openjdk.org/jdk.git pull/26002/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 26002

View PR using the GUI difftool:
$ git pr show -t 26002

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/26002.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back asemenov! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@savoptik The following labels will be automatically applied to this pull request:

• hotspot
• serviceability

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (e69c49c8)
• 00: Full (ee6a0ff7)

[savoptik]

/issue add 8360670

[openjdk]

@savoptik
Adding additional issue to issue list: 8360670: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateThroughHeapObjectClosure::do_object().

[openjdk]

@savoptik Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

[plummercj]

It's concerning that we don't have tests cases that uncover these bugs. Perhaps it's not actually possible for NULL to be passed when constructing CallbackWrapper.

[dholmes-ora]

I think this is a false positive from the static code analyzer. If we are iterating over the heap then the closure is only ever passed actual oops, so it can't be null.

At most I would add an assert, but generally my understanding is that the user of any closure has the responsibility of passing it valid input.

[sspitsyn]

At most I would add an assert, but generally my understanding is that the user of any closure has the responsibility of passing it valid input.

Adding asserts sounds like a good suggestion.

[sspitsyn]

I'm a little bit confused why we have twp bugs for this issue.
The bug JDK-8360670 seems to be a dup of:
JDK-8360664: Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object()
Should it be closed as a dup?