Groovy broken with 7u65 security update: VerifyError

Bug #1360392 reported by Daryl Robbins on 2014-08-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openjdk-7 (Ubuntu)
Undecided
billhuey
Precise
Undecided
billhuey
Trusty
Undecided
billhuey
Utopic
Undecided
billhuey

Bug Description

Description: Ubuntu 14.04.1 LTS
Release: 14.04

After applying security update 7u65-2.5.1-4ubuntu1~0.14.04.1 earlier this week, all of our compiled Groovy code ceased to function, throwing the following exception from numerous classes:

java.lang.VerifyError: Bad <init> method call from inside of a branch
Exception Details:
  Location:
    com/mgd/api/service/security/TokenValidationException.<init>(Ljava/lang/Throwable;)V @87: invokespecial
  Reason:
    Error exists in the bytecode
  Bytecode:
    0000000: b800 184d 04bd 0023 5903 2b53 5910 ff12
    0000010: 04b8 0029 2a5f ab00 0000 00af 0000 0005
    0000020: 8794 83a0 0000 0032 aad3 b1ff 0000 0047
    0000030: c783 a456 0000 005a f0c1 c756 0000 0087
    0000040: 0000 9b75 0000 00a6 5f5a 5903 3212 2bb8
    0000050: 002f c000 2b5f 57b7 0032 a700 755f 5a59
    0000060: 0332 b800 38c0 003a 5f57 b700 3ca7 0062
    0000070: 5f5a 5903 32b8 0038 c000 3a5f 5904 3212
    0000080: 2bb8 002f c000 2b5f 5905 32b8 0042 5f59
    0000090: 0632 b800 425f 57b7 0045 a700 355f 5a59
    00000a0: 0332 b800 38c0 003a 5f59 0432 122b b800
    00000b0: 2fc0 002b 5f57 b700 48a7 0016 5f5a 57b7
    00000c0: 0014 a700 0dbb 004a 5912 4cb7 004d bf57
    00000d0: 2ab6 001c 4e2d 2a5f b500 1e2d 57b1
  Stackmap Table:
    full_frame(@72,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@93,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@112,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@157,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@188,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@197,{UninitializedThis,Object[#43],Object[#81]},{Object[#83],UninitializedThis})
    full_frame(@207,{Object[#2],Object[#43],Object[#81]},{Object[#83]})
] with root cause
java.lang.VerifyError: Bad <init> method call from inside of a branch

Downgrading back to 7u51-2.4.6-1ubuntu4 resolved the issue.

This is a known issue with this particular version:
https://bugs.openjdk.java.net/browse/JDK-8051012
http://jira.codehaus.org/browse/GROOVY-6951

billhuey (bill-huey) wrote :

This is apart of the security changes apparently according to my discussion with Andrew Hughs.

http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096

Is the backported patch apparently

Jamie Strandboge (jdstrand) wrote :

Sponsored Bill's update to Utopic which is building now.

Changed in openjdk-7 (Ubuntu Utopic):
assignee: nobody → billhuey (bill-huey)
Changed in openjdk-7 (Ubuntu Trusty):
assignee: nobody → billhuey (bill-huey)
Changed in openjdk-7 (Ubuntu Precise):
assignee: nobody → billhuey (bill-huey)
status: New → Fix Committed
Changed in openjdk-7 (Ubuntu Trusty):
status: New → Fix Committed
Changed in openjdk-7 (Ubuntu Utopic):
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :

Sponsored Bill's update to Trusty and Precise to https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa. Can people try them out and report back on if it fixes the issue for them? I'll issue a regression USN for these on Monday.

Daryl Robbins (darylrobbins) wrote :

I'm trying to test the fix but can't seem to get it to apply. I added the ppa, did apt-get update, and then dist-upgrade, but it's still applying the latest version from the official repository. Do I need to do anything to get it to pickup? Thanks!

Jamie Strandboge (jdstrand) wrote :

Daryl, it isn't done building yet. You can check the status of the builds more easily here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Daryl Robbins (darylrobbins) wrote :

Fix works perfectly for me. It seems to be running the Groovy code without issue now.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u65-2.5.1-4ubuntu1~0.14.04.2

---------------
openjdk-7 (7u65-2.5.1-4ubuntu1~0.14.04.2) trusty-security; urgency=medium

  [ Matthias Klose ]
  * debian/patches/it-aarch64-zero-default.diff: fix quoting of configure args
    for the zero build.

  [ Bill Huey ]
  * Fix a stack verifier regression in the latest security updates
    - http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
    - LP: #1360392
 -- Bill Huey <email address hidden> Sat, 23 Aug 2014 07:35:37 -0500

Changed in openjdk-7 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u65-2.5.1-4ubuntu1~0.12.04.2

---------------
openjdk-7 (7u65-2.5.1-4ubuntu1~0.12.04.2) precise-security; urgency=medium

  * Fix a stack verifier regression in the latest security updates
    - http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
    - LP: #1360392
 -- Bill Huey <email address hidden> Sat, 23 Aug 2014 07:35:37 -0500

Changed in openjdk-7 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-7 - 7u65-2.5.1-5ubuntu1

---------------
openjdk-7 (7u65-2.5.1-5ubuntu1) utopic; urgency=medium

  * Merge from Debian 7u65-2.5.1-5

openjdk-7 (7u65-2.5.1-5) unstable; urgency=medium

  * Fix quoting of configure args for the zero build.
  * Fix a stack verifier regression in the latest security updates.
    http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/bad107a5d096
    (Bill Huey) LP: #1360392.
  * Don't ship the apt binary anymore for new releases (deprecated upstream).
  * Let openjdk-7-source replace openjdk-7-jdk, widening the version range.
  * Update the hotspot for AArch64, rev 778cb4032983.
 -- Jamie Strandboge <email address hidden> Mon, 25 Aug 2014 12:53:54 -0500

Changed in openjdk-7 (Ubuntu Utopic):
status: Fix Committed → Fix Released
Gnu-andrew (gnu-andrew) wrote :

A new release, 2.5.2 (http://bitly.com/it20502), is now available, which includes this fix.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers