From e69c49c82caa8fe108ab059dee8e6238a1cc31bd Mon Sep 17 00:00:00 2001
From: Artem Semenov
Date: Thu, 26 Jun 2025 16:19:21 +0300
Subject: [PATCH] 8360664 Null pointer dereference in src/hotspot/share/prims/jvmtiTagMap.cpp in IterateOverHeapObjectClosure::do_object()
Found by Linux Verification Center (linuxtesting.org) with SVACE.
signed-off-by: Artem Semenov
---
 src/hotspot/share/prims/jvmtiTagMap.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/hotspot/share/prims/jvmtiTagMap.cpp b/src/hotspot/share/prims/jvmtiTagMap.cpp
index d3bf8862d3730..07af13d53efd0 100644
--- a/src/hotspot/share/prims/jvmtiTagMap.cpp
+++ b/src/hotspot/share/prims/jvmtiTagMap.cpp
@@ -944,6 +944,7 @@ class IterateOverHeapObjectClosure: public ObjectClosure {
 // invoked for each object in the heap
 void IterateOverHeapObjectClosure::do_object(oop o) {
+ if (o == nullptr) return;
 // check if iteration has been halted
 if (is_iteration_aborted()) return;
@@ -953,7 +954,7 @@ void IterateOverHeapObjectClosure::do_object(oop o) {
 }
 // skip if object is a dormant shared object whose mirror hasn't been loaded
- if (o != nullptr && o->klass()->java_mirror() == nullptr) {
+ if (o->klass()->java_mirror() == nullptr) {
 log_debug(aot, heap)("skipped dormant archived object " INTPTR_FORMAT " (%s)", p2i(o), o->klass()->external_name());
 return;
@@ -1032,6 +1033,7 @@ class IterateThroughHeapObjectClosure: public ObjectClosure {
 // invoked for each object in the heap
 void IterateThroughHeapObjectClosure::do_object(oop obj) {
+ if (obj == nullptr) return;
 // check if iteration has been halted
 if (is_iteration_aborted()) return;
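Review bot: The `if (o == nullptr) return;` added at the top of IterateOverHeapObjectClosure::do_object (hunk at -944) silently drops a null oop, so a heap walk that hands out a bad object would go unnoticed instead of being reported; the same applies to the `obj` guard added to IterateThroughHeapObjectClosure::do_object (hunk at -1032). Nothing visible in the patch shows a caller passing null, and the context line `is_filtered_by_klass_filter(obj, klass())` already received the object before the old `!= nullptr` test, which suggests that test was a leftover rather than a real guard. If the ObjectClosure contract is that do_object never sees null (to be confirmed against the heap iterators, which are outside this diff), `assert(o != nullptr, "heap iteration should not yield a null object");` documents that and keeps debug builds loud. If null is a legitimate input, the guard should carry a comment naming the caller that produces it. Both function bodies start and end outside the hunks shown.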
@@ -1039,7 +1041,7 @@ void IterateThroughHeapObjectClosure::do_object(oop obj) {
 if (is_filtered_by_klass_filter(obj, klass())) return;
 // skip if object is a dormant shared object whose mirror hasn't been loaded
- if (obj != nullptr && obj->klass()->java_mirror() == nullptr) {
+ if (obj->klass()->java_mirror() == nullptr) {
 log_debug(aot, heap)("skipped dormant archived object " INTPTR_FORMAT " (%s)", p2i(obj), obj->klass()->external_name());
 return;