Fix ASan heap-buffer-overflow in signal handlers #337

Merged
jbachorik merged 1 commit into DataDog/java-profiler:main from DataDog/java-profiler:jb/asan
Jan 23, 2026

Conversation

@jbachorik jbachorik commented Jan 21, 2026
Collaborator

What does this PR do?:

Use SafeAccess for signal-handler memory reads in vmStructs.h to prevent crashes when reading from partially initialized thread structures during GC worker thread creation.

Motivation:

Fixes ASan heap-buffer-overflow errors in CI where the CTimer signal handler was delivering signals to newly created GC worker threads before their VMThread structure was fully initialized. The TLS pointer returned a valid address but offset calculations resulted in reading memory before the allocated region ("72 bytes to the left").

Additional Notes:

While making this change I took a sweep over other signal-handler-accessible methods where SafeAccess makes sense:

  • VMThread::state() - Uses SafeAccess::load32()
  • VMThread::inDeopt() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaSP() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaFP() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::lastJavaPC() - Uses SafeAccess::loadPtr()
  • JavaFrameAnchor::fromEntryFrame() - Uses SafeAccess::loadPtr()

How to test the change?:

For Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.

🤖 Generated with Claude Code

Protect methods called from signal handlers against partially
initialized thread structures during GC worker thread creation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@jbachorik jbachorik added the AI label Jan 21, 2026
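The description above relies on a load that tolerates bad addresses when called from a signal handler. The block below is an added example, not java-profiler's SafeAccess and not HotSpot code: it shows one portable way to get that property (write(2) returns EFAULT for an unreadable source buffer, and pipe, write, read and close are async-signal-safe), and then the plausibility check that a fault-tolerant load alone does not give you. The names probe::load, DemoThread, sample_state, the state range 0..kMaxState and kStateInJava are all assumptions made for the demo; the real VMThread layout and state encoding are not reproduced here.

```cpp
// Added example; not java-profiler's SafeAccess and not HotSpot code.
// A fault-tolerant load usable from a signal handler: write(2) fails with
// EFAULT when its source buffer is unreadable, and pipe/write/read/close are
// async-signal-safe. Profilers such as java-profiler instead recognise the
// faulting pc inside the SIGSEGV handler and skip the load; this demo avoids
// that architecture-specific step at the cost of a few syscalls per load.
#include <cerrno>
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <sys/mman.h>
#include <unistd.h>

#ifndef PIPE_BUF
#define PIPE_BUF 4096
#endif

namespace probe {

// Snapshot n bytes (n <= PIPE_BUF) from src into dst. Returns false if any
// byte of src is unreadable. errno is saved and restored, as handler code must.
inline bool load_bytes(const void* src, void* dst, size_t n) {
    if (src == nullptr || dst == nullptr || n == 0 || n > PIPE_BUF) return false;
    int saved_errno = errno;
    int fds[2];
    if (pipe(fds) != 0) { errno = saved_errno; return false; }
    // Into an empty pipe, a write of n <= PIPE_BUF bytes either copies all of
    // them or stops at the first unreadable byte, so a short count is a failure.
    bool ok = write(fds[1], src, n) == static_cast<ssize_t>(n) &&
              read(fds[0], dst, n) == static_cast<ssize_t>(n);
    close(fds[0]);
    close(fds[1]);
    errno = saved_errno;
    return ok;
}

template <typename T>
inline bool load(const T* src, T* out) { return load_bytes(src, out, sizeof(T)); }

}  // namespace probe

// Constructed stand-in for the thread structure a sampling handler reads.
// Hypothetical layout and state encoding, not HotSpot's VMThread.
struct DemoThread {
    int32_t state;    // assumed 0..kMaxState once the thread is initialized
    void*   last_sp;  // assumed non-null whenever state == kStateInJava
};
enum : int32_t { kStateInJava = 4, kMaxState = 8 };

// Sampling result: -1 = unreadable memory, -2 = readable but implausible
// (the partially initialized case a fault-tolerant load alone cannot catch),
// otherwise the thread state.
inline int sample_state(const DemoThread* t) {
    if (t == nullptr) return -1;
    int32_t s;
    if (!probe::load(&t->state, &s)) return -1;
    if (s < 0 || s > kMaxState) return -2;
    if (s == kStateInJava) {
        void* sp;
        if (!probe::load(&t->last_sp, &sp) || sp == nullptr) return -2;
    }
    return s;
}

// Sample a page that is mapped but not readable (PROT_NONE): the "thread
// pointer looks valid but the memory behind it is not" case.
inline int sample_unreadable_page() {
    void* page = mmap(nullptr, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int r = sample_state(static_cast<const DemoThread*>(page));
    munmap(page, 4096);
    return r;
}

int main() {
    DemoThread ready{3, nullptr};
    DemoThread in_java{kStateInJava, &ready};
    DemoThread garbage{0x7fffffff, nullptr};  // readable, never initialized
    std::printf("ready=%d in_java=%d garbage=%d unreadable=%d null=%d\n",
                sample_state(&ready), sample_state(&in_java),
                sample_state(&garbage), sample_unreadable_page(),
                sample_state(nullptr));
    return 0;
}
```

Two things worth keeping in mind when reading this against the PR. First, a read "72 bytes to the left" of a heap allocation, as in the ASan report the description cites, usually lands in mapped memory, so no fault-tolerant load will refuse it; only range and consistency checks on the values that come back (state within its enum, an anchor pointer that is non-null when the state says it must be) turn that into a skipped sample instead of a bogus one, and ASan sees it only because it tracks allocation bounds rather than page mappings. Second, the pipe trick is for illustration: four syscalls per load is far too slow for a sampling profiler, which is why production code marks the load instruction and fixes up the pc in the SIGSEGV handler instead.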
@dd-octo-sts dd-octo-sts Bot commented Jan 21, 2026
Contributor

Scan-Build Report

User: runner@runnervmmtnos
Working Directory: /home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line: make -j4 clean all
Clang Version: Ubuntu clang version 18.1.3 (1ubuntu1)
Date: Wed Jan 21 18:50:35 2026

Bug Summary

  Bug Type                  Quantity
  All Bugs                  10
  Unused code
    Dead assignment         2
    Dead initialization     7
    Dead nested assignment  1

Reports

  Bug Group    Bug Type                File                      Function/Method                                        Line  Path Length
  Unused code  Dead assignment         libraryPatcher_linux.cpp  patch_library_unlocked                                 93    1
  Unused code  Dead assignment         stackWalker.cpp           walkVM                                                 551   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_JavaProfiler_getStatus0    119   1
  Unused code  Dead initialization     profiler.cpp              runInternal                                            1644  1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             658   1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             691   1
  Unused code  Dead initialization     flightRecorder.cpp        resolveMethod                                          351   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_OTelContext_setProcessCtx0 475   1
  Unused code  Dead initialization     vmStructs_dd.cpp          initOffsets                                            56    1
  Unused code  Dead nested assignment  vmStructs_dd.cpp          checkNativeBinding                                     388   1
@jbachorik jbachorik marked this pull request as ready for review January 21, 2026 19:10
@jbachorik jbachorik requested a review from a team as a code owner January 21, 2026 19:10
@dd-octo-sts dd-octo-sts Bot commented Jan 21, 2026
Contributor

Scan-Build Report

User: runner@runnervmmtnos
Working Directory: /home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line: make -j4 clean all
Clang Version: Ubuntu clang version 18.1.3 (1ubuntu1)
Date: Wed Jan 21 19:22:20 2026

Bug Summary

  Bug Type                  Quantity
  All Bugs                  10
  Unused code
    Dead assignment         2
    Dead initialization     7
    Dead nested assignment  1

Reports

  Bug Group    Bug Type                File                      Function/Method                                        Line  Path Length
  Unused code  Dead assignment         libraryPatcher_linux.cpp  patch_library_unlocked                                 93    1
  Unused code  Dead assignment         stackWalker.cpp           walkVM                                                 551   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_JavaProfiler_getStatus0    119   1
  Unused code  Dead initialization     profiler.cpp              runInternal                                            1644  1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             658   1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             691   1
  Unused code  Dead initialization     flightRecorder.cpp        resolveMethod                                          351   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_OTelContext_setProcessCtx0 475   1
  Unused code  Dead initialization     vmStructs_dd.cpp          initOffsets                                            56    1
  Unused code  Dead nested assignment  vmStructs_dd.cpp          checkNativeBinding                                     388   1

@dd-octo-sts dd-octo-sts Bot commented Jan 21, 2026
Contributor

Scan-Build Report

User: runner@runnervmmtnos
Working Directory: /home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line: make -j4 clean all
Clang Version: Ubuntu clang version 18.1.3 (1ubuntu1)
Date: Wed Jan 21 19:46:58 2026

Bug Summary

  Bug Type                  Quantity
  All Bugs                  10
  Unused code
    Dead assignment         2
    Dead initialization     7
    Dead nested assignment  1

Reports

  Bug Group    Bug Type                File                      Function/Method                                        Line  Path Length
  Unused code  Dead assignment         libraryPatcher_linux.cpp  patch_library_unlocked                                 93    1
  Unused code  Dead assignment         stackWalker.cpp           walkVM                                                 551   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_JavaProfiler_getStatus0    119   1
  Unused code  Dead initialization     profiler.cpp              runInternal                                            1644  1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             658   1
  Unused code  Dead initialization     flightRecorder.cpp        cleanupUnreferencedMethods                             691   1
  Unused code  Dead initialization     flightRecorder.cpp        resolveMethod                                          351   1
  Unused code  Dead initialization     javaApi.cpp               Java_com_datadoghq_profiler_OTelContext_setProcessCtx0 475   1
  Unused code  Dead initialization     vmStructs_dd.cpp          initOffsets                                            56    1
  Unused code  Dead nested assignment  vmStructs_dd.cpp          checkNativeBinding                                     388   1

@r1viollet r1viollet left a comment
Contributor

LGTM

@jbachorik jbachorik merged commit 7fad21b into main Jan 23, 2026
365 of 368 checks passed
@jbachorik jbachorik deleted the jb/asan branch January 23, 2026 08:39
@github-actions github-actions Bot added this to the 1.37.0 milestone Jan 23, 2026
3 participants