Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
// sub-optimal almost-reliable proof of concept JVM crasher.
// see
public class ByteBufferUseAfterFree {
private static final int SIZE = 100_000;
public static void main(String[] args) {
List<ByteBuffer> badBuffers = new ArrayList<>();
while (true) { // keep trying until it crashes
// create one new buffer pointing to freed memory
// overwrite all the bad memory references we collected so far
for (ByteBuffer badBuffer : badBuffers) {
badBuffer.put(new byte[SIZE]);
private static ByteBuffer getFreedBuffer(int size) {
System.out.print('.'); // indicate we're making progress
Necromancer<ByteBuffer> necromancer =
new Necromancer<>(ByteBuffer.allocateDirect(size));
return necromancer.waitForDeathAndResurrect();
},0x10b5aa000) malloc: *** error for object 0x7f913107e208: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment