On Thu, 2009-04-16 at 23:25 +0200, Tomek Grabiec wrote:
> 
> The segfault in fixup_invoke is caused by a memory corruption (the
> 'next' pointer of trampoline.fixup_site_list gets overwritten)
> originated in __get_spill_slot() (stack-slot.c:74), below is the
> responsible snippet:
> 
> slot = &frame->spill_slots[frame->nr_spill_slots];
> slot->index = frame->nr_local_slots + frame->nr_spill_slots;
> 
> frame->nr_spill_slots exceeds the bounds of frame->spill_slots, so
> assignment to slot->index causes memory corruption.
> The crash does not happen if MAX_SPILL_SLOTS is increased to 132.
> 
> The solution for that is to dynamically allocate spill slots as
> there's no upper limit for them.

This is fixed by commit 1e7054a3bdf4295301190177eef1f2c2f348ba58 ("jit:
allocate spill slots dynamically"). Thanks guys!

                        Pekka
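The bug described in the thread is a classic fixed-size-array overrun: nr_spill_slots is used as an index into spill_slots without a bounds check, so once it passes MAX_SPILL_SLOTS the write to slot->index lands on whatever follows the array (here, the trampoline's fixup_site_list). The following is an added illustration, not jato's code and not the code from the referenced commit: it reconstructs the two-line snippet from the report on top of hypothetical stack_frame and stack_slot types, first with a fixed array that refuses instead of overrunning, then with a heap-allocated array that grows on demand, which is the approach the thread settles on. All type, field and function names are assumptions modelled loosely on the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative types, not jato's own definitions. */
struct stack_slot {
	int index;	/* slot position relative to the frame base */
};

/* --- Variant 1: fixed-size array, as in the original design ------------ */

#define MAX_SPILL_SLOTS_FIXED 8	/* deliberately tiny so the limit is easy to hit */

struct fixed_frame {
	int nr_local_slots;
	int nr_spill_slots;
	struct stack_slot spill_slots[MAX_SPILL_SLOTS_FIXED];
	int canary;	/* stands in for whatever follows the array in memory */
};

/* The snippet from the report, plus the check it was missing: when the
 * array is full we fail the request instead of writing past the end. */
struct stack_slot *get_spill_slot_fixed(struct fixed_frame *frame)
{
	if (frame->nr_spill_slots >= MAX_SPILL_SLOTS_FIXED)
		return NULL;
	struct stack_slot *slot = &frame->spill_slots[frame->nr_spill_slots];
	slot->index = frame->nr_local_slots + frame->nr_spill_slots;
	frame->nr_spill_slots++;
	return slot;
}

/* Request n slots from a fixed frame; return how many were granted,
 * or -1 if the neighbouring field was clobbered (it never is, with the check). */
int fixed_slots_obtainable(int n)
{
	struct fixed_frame frame = { .nr_local_slots = 2, .canary = 0x5a5a };
	int granted = 0;
	for (int i = 0; i < n; i++)
		if (get_spill_slot_fixed(&frame))
			granted++;
	return frame.canary == 0x5a5a ? granted : -1;
}

/* --- Variant 2: dynamically allocated slots, no upper limit ------------ */

struct stack_frame {
	int nr_local_slots;
	int nr_spill_slots;		/* slots handed out so far */
	int spill_slots_cap;		/* allocated capacity of spill_slots */
	struct stack_slot *spill_slots;	/* heap-allocated, grows on demand */
};

/* Double the array when full; amortised cost per slot stays constant. */
static int ensure_spill_capacity(struct stack_frame *frame)
{
	if (frame->nr_spill_slots < frame->spill_slots_cap)
		return 0;
	int new_cap = frame->spill_slots_cap ? frame->spill_slots_cap * 2 : 8;
	struct stack_slot *p = realloc(frame->spill_slots, (size_t)new_cap * sizeof *p);
	if (!p)
		return -1;
	frame->spill_slots = p;
	frame->spill_slots_cap = new_cap;
	return 0;
}

/* Same two lines as the report, but the index is always inside the array.
 * Returns NULL only when the heap is exhausted. */
struct stack_slot *get_spill_slot(struct stack_frame *frame)
{
	if (ensure_spill_capacity(frame) < 0)
		return NULL;
	struct stack_slot *slot = &frame->spill_slots[frame->nr_spill_slots];
	slot->index = frame->nr_local_slots + frame->nr_spill_slots;
	frame->nr_spill_slots++;
	return slot;
}

/* Allocate n spill slots on a fresh frame and return the index of the last one,
 * or -1 if none were allocated or allocation failed. */
int last_spill_index_after(int nr_local_slots, int n)
{
	struct stack_frame frame = { .nr_local_slots = nr_local_slots };
	struct stack_slot *slot = NULL;
	for (int i = 0; i < n; i++) {
		slot = get_spill_slot(&frame);
		if (!slot)
			break;
	}
	int idx = slot ? slot->index : -1;
	free(frame.spill_slots);
	return idx;
}

int main(void)
{
	printf("fixed frame granted %d of 20 requests\n", fixed_slots_obtainable(20));
	printf("dynamic frame, last index after 200 slots: %d\n", last_spill_index_after(4, 200));
	return 0;
}
```

The fixed variant shows the cheapest possible defence (a bounds check that turns silent memory corruption into a visible failure), which is what you want at minimum; the dynamic variant removes the limit altogether, matching the thread's conclusion that there is no natural upper bound on spill slots.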


_______________________________________________
Jatovm-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jatovm-devel
