7106751: G1: gc/gctests/nativeGC03 crashes VM with SIGSEGV

_cset_rs_update_cl[] was indexed with values beyond what it is set up to handle. Reviewed-by: ysr, jmasa, johnc
2011-11-02 08:04:23 +01:00 · 2011-11-02 08:04:23 +01:00 · b47310ebf8
commit b47310ebf8
parent c444c3eee7
1 changed files with 10 additions and 2 deletions
--- a/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp
+++ b/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp
@ -635,10 +635,18 @@ bool G1RemSet::concurrentRefineOneCard_impl(jbyte* card_ptr, int worker_i,
  ct_freq_note_card(_ct_bs->index_for(start));
 #endif

-  assert(!check_for_refs_into_cset || _cset_rs_update_cl[worker_i] != NULL, "sanity");
+  OopsInHeapRegionClosure* oops_in_heap_closure = NULL;
+  if (check_for_refs_into_cset) {
+    // ConcurrentG1RefineThreads have worker numbers larger than what
+    // _cset_rs_update_cl[] is set up to handle. But those threads should
+    // only be active outside of a collection which means that when they
+    // reach here they should have check_for_refs_into_cset == false.
+    assert((size_t)worker_i < n_workers(), "index of worker larger than _cset_rs_update_cl[].length");
+    oops_in_heap_closure = _cset_rs_update_cl[worker_i];
+  }
  UpdateRSOrPushRefOopClosure update_rs_oop_cl(_g1,
                                               _g1->g1_rem_set(),
-                                               _cset_rs_update_cl[worker_i],
+                                               oops_in_heap_closure,
                                               check_for_refs_into_cset,
                                               worker_i);
  update_rs_oop_cl.set_from(r);