[OpenJDK 2D-Dev] [9] RFR JDK-8160455 : KSS : class.forName issue in TIFFImageMetadata.java
Philip Race
philip.race at oracle.com
Thu Aug 4 15:31:44 UTC 2016
+1
-phil
On 8/4/16, 4:55 AM, Jayathirth D V wrote:
>
> Hi,
>
> Please review the following fix in JDK9 at your convenience:
>
> Bug : https://bugs.openjdk.java.net/browse/JDK-8160455
>
> Webrev : http://cr.openjdk.java.net/~jdv/8160455/webrev.00/
>
> Root cause : We are directly getting the string present in the XML DOM
> tree from the attribute "tagSets" and creating a class from it using
> Class.forName(). The XML DOM tree string can also be invalid, which we
> don't check.
>
> Solution : Verify whether the string from the XML DOM tree maps to any
> of the subclasses of "TIFFTagSet" before initializing the class using
> isAssignableFrom(). This adds a tighter check before initializing the
> class from the XML DOM tree string.
>
> Thanks,
>
> Jay
>
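
The check described in the quoted review request, as an added example that is not the webrev's code or part of the original thread: the name is resolved with initialization deferred, tested with isAssignableFrom(), and only then used. TagSet, BaselineSet, Unrelated and loadTagSets are hypothetical stand-ins for TIFFTagSet and the metadata code, and the comma-separated attribute value is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class TagSetLoading {
    // Hypothetical stand-ins for TIFFTagSet and one of its subclasses.
    public static class TagSet {
        public static TagSet getInstance() { return new TagSet(); }
    }
    public static class BaselineSet extends TagSet {
        public static TagSet getInstance() { return new BaselineSet(); }
    }
    // Unrelated class: its static initializer stands for any side effect
    // that a one-argument Class.forName(name) would trigger.
    public static class Unrelated {
        static { System.setProperty("demo.unrelated.initialized", "true"); }
    }

    /** Resolve class names taken from a "tagSets"-style attribute (constructed input). */
    static List<TagSet> loadTagSets(String attr) throws ReflectiveOperationException {
        List<TagSet> result = new ArrayList<>();
        ClassLoader loader = TagSetLoading.class.getClassLoader();
        for (String name : attr.split(",")) {
            // initialize=false loads the class without running its static initializer.
            Class<?> c = Class.forName(name.trim(), false, loader);
            // Reject anything that is not a TagSet subclass before it is initialized.
            if (!TagSet.class.isAssignableFrom(c)) {
                throw new IllegalArgumentException("not a TagSet subclass: " + name);
            }
            // Initialization happens here, only for classes that passed the check.
            result.add((TagSet) c.getMethod("getInstance").invoke(null));
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        String prefix = TagSetLoading.class.getName() + "$";
        System.out.println("accepted: " + loadTagSets(prefix + "BaselineSet").size());
        try {
            loadTagSets(prefix + "BaselineSet," + prefix + "Unrelated");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Stays null: the rejected class was loaded but never initialized.
        System.out.println("Unrelated initialized: "
                + System.getProperty("demo.unrelated.initialized"));
    }
}
```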