From 1bbde31ecc150802621b77a546cce6c5e5da3b00 Mon Sep 17 00:00:00 2001
From: Zhengyu Gu
Date: Fri, 6 Feb 2026 14:25:07 +0000
Subject: [PATCH 1/2] Mitigating VMMethod::id() crash
---
 ddprof-lib/src/main/cpp/safeAccess.h | 5 +++++
 ddprof-lib/src/main/cpp/stackWalker.cpp | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ddprof-lib/src/main/cpp/safeAccess.h b/ddprof-lib/src/main/cpp/safeAccess.h
index ab2ebf85..75b62cf8 100644
--- a/ddprof-lib/src/main/cpp/safeAccess.h
+++ b/ddprof-lib/src/main/cpp/safeAccess.h
@@ -73,6 +73,11 @@ class SafeAccess {
 NOINLINE __attribute__((aligned(16)))
 static void *loadPtr(void** ptr, void* default_value);
+
+ static inline bool isReadable(void* ptr) {
+ return load32((int32_t*)ptr, 1) != 1 ||
+ load32((int32_t*)ptr, -1) != -1;
+ }
 };
 #endif // _SAFEACCESS_H
diff --git a/ddprof-lib/src/main/cpp/stackWalker.cpp b/ddprof-lib/src/main/cpp/stackWalker.cpp
index 60ea8520..0f1eb93d 100644
--- a/ddprof-lib/src/main/cpp/stackWalker.cpp
+++ b/ddprof-lib/src/main/cpp/stackWalker.cpp
@@ -59,7 +59,7 @@ static inline void fillFrame(ASGCT_CallFrame& frame, FrameTypeId type, int bci,
 }
 static jmethodID getMethodId(VMMethod* method) {
- if (!inDeadZone(method) && aligned((uintptr_t)method)) {
+ if (!inDeadZone(method) && aligned((uintptr_t)method) && SafeAccess::isReadable((void*)method)) {
 return method->validatedId();
 }
 return NULL;
From f934669f513c460812c7090e92908987cc47fac9 Mon Sep 17 00:00:00 2001
From: Zhengyu Gu
Date: Fri, 6 Feb 2026 14:44:03 +0000
Subject: [PATCH 2/2] gtest
---
 ddprof-lib/src/test/cpp/safefetch_ut.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ddprof-lib/src/test/cpp/safefetch_ut.cpp b/ddprof-lib/src/test/cpp/safefetch_ut.cpp
index c9d1da76..0c0fad37 100644
--- a/ddprof-lib/src/test/cpp/safefetch_ut.cpp
+++ b/ddprof-lib/src/test/cpp/safefetch_ut.cpp
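Review bot: `isReadable` proves only that the four bytes at `ptr` can be read, yet the caller added in stackWalker.cpp goes on to call `method->validatedId()`, which presumably touches fields at other offsets of `VMMethod`; if the object straddles a page boundary those reads can still fault, so either probe the last field `validatedId()` reads as well or document that the check covers the first word only. The probe is also a point-in-time check — on the signal-handler path the mapping can vanish between the probe and the dereference — which is presumably why the subject calls this a mitigation rather than a fix. The two-default trick deserves a comment above the function, e.g. `// load32 yields the fallback only when the read faults; a readable word cannot equal both 1 and -1, so either mismatch means the address is mapped.` Minor style: a member function defined in the class body is implicitly inline, so `static inline` can be plain `static`, and `ptr` could be `const void*` since nothing is written through it. The `SafeAccess` class begins before the hunk.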
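Review bot: The `(void*)` cast in the new condition is unnecessary — a `VMMethod*` converts implicitly to `void*` — so the line can read `if (!inDeadZone(method) && aligned((uintptr_t)method) && SafeAccess::isReadable(method)) {`. The ordering is right: the probe, which issues two `load32` calls, is evaluated only after the cheap dead-zone and alignment tests reject the pointer. A one-line why-comment would help the next reader, e.g. `// method may be a stale pointer into unmapped memory; probe it before dereferencing`. `getMethodId`'s closing brace lies outside the hunk.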
@@ -105,6 +105,12 @@ TEST_F(SafeFetchTest, invalidAccessPtr) {
 EXPECT_EQ(res, bp);
 }
+TEST_F(SafeFetchTest, isReadable) {
+ char c = 'x';
+ EXPECT_TRUE(SafeAccess::isReadable(&c));
+ EXPECT_FALSE(SafeAccess::isReadable(nullptr));
+}
+
 /**
 * Tests that safeFetch32 correctly handles mprotected memory.
 *
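Review bot: The new test never exercises the case the two-default trick is built around — a readable word whose value happens to be `1` or `-1` must still report readable — so add `int32_t one = 1, minus_one = -1;` followed by `EXPECT_TRUE(SafeAccess::isReadable(&one)); EXPECT_TRUE(SafeAccess::isReadable(&minus_one));`. `isReadable` reads four bytes but `c` is a single `char`, so the first assertion reads past the end of the object; probing an `int32_t` (or a buffer of at least four bytes) avoids that. The context below shows this file already has a test for mprotected memory, so a probe of a protected page from that fixture would cover the faulting path more faithfully than the `nullptr` case alone.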