Created
January 20, 2015 22:03
-
-
Save coekie/bcd9dd858292b3a8e372 to your computer and use it in GitHub Desktop.
ByteBufferUseAfterFree
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.nio.ByteBuffer; | |
| import java.util.ArrayList; | |
| import java.util.List; | |
| // sub-optimal almost-reliable proof of concept JVM crasher. | |
| // see http://wouter.coekaerts.be/2015/resurrecting-phantomreference | |
| public class ByteBufferUseAfterFree { | |
| private static final int SIZE = 100_000; | |
| public static void main(String[] args) { | |
| List<ByteBuffer> badBuffers = new ArrayList<>(); | |
| while (true) { // keep trying until it crashes | |
| // create one new buffer pointing to freed memory | |
| badBuffers.add(getFreedBuffer(SIZE)); | |
| // overwrite all the bad memory references we collected so far | |
| for (ByteBuffer badBuffer : badBuffers) { | |
| badBuffer.clear(); | |
| badBuffer.put(new byte[SIZE]); | |
| } | |
| } | |
| } | |
| private static ByteBuffer getFreedBuffer(int size) { | |
| System.out.print('.'); // indicate we're making progress | |
| Necromancer<ByteBuffer> necromancer = | |
| new Necromancer<>(ByteBuffer.allocateDirect(size)); | |
| return necromancer.waitForDeathAndResurrect(); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ........java(18061,0x10b5aa000) malloc: *** error for object 0x7f913107e208: incorrect checksum for freed object - object was probably modified after being freed. | |
| *** set a breakpoint in malloc_error_break to debug |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment