[OpenJDK 2D-Dev] [9] RFR JDK-8160455 : KSS : class.forName issue in TIFFImageMetadata.java
Brian Burkhalter
brian.burkhalter at oracle.com
Thu Aug 4 15:35:46 UTC 2016
+2
Brian
On Aug 4, 2016, at 8:31 AM, Philip Race <philip.race at oracle.com> wrote:
> +1
>
> -phil
>
> On 8/4/16, 4:55 AM, Jayathirth D V wrote:
>>
>> Hi,
>>
>> Please review the following fix in JDK9 at your convenience:
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8160455
>> Webrev: http://cr.openjdk.java.net/~jdv/8160455/webrev.00/
>>
>> Root cause: We are directly getting the string present in the XML DOM tree from the attribute “tagSets” and creating a class from it using Class.forName(). The XML DOM tree string can also be invalid, which we don’t check.
>> Solution: Verify whether the string from the XML DOM tree maps to any of the subclasses of “TIFFTagSet” before initializing the class using isAssignableFrom(). This adds a tighter check before initializing the class from the XML DOM tree string.
>>
>> Thanks,
>> Jay
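
The check described in the quoted message, sketched as an added example; this is not code from the webrev or from the JDK. `TagSet`, `BaselineTagSet`, `Unrelated`, `resolveTagSet` and the property name are hypothetical stand-ins, and the class names passed in are constructed sample input playing the role of the "tagSets" attribute value.

```java
public class TagSetLoading {
    // Hypothetical stand-ins for TIFFTagSet and one of its subclasses.
    public static class TagSet {}
    public static class BaselineTagSet extends TagSet {}

    // Unrelated class whose static initializer leaves a visible trace if it runs.
    public static class Unrelated {
        static { System.setProperty("demo.unrelated.initialized", "true"); }
    }

    // Resolve a class name taken from untrusted metadata.
    // Returns null unless the name denotes TagSet or one of its subclasses.
    static Class<? extends TagSet> resolveTagSet(String name) {
        try {
            // initialize=false: the class is loaded but its static initializer
            // does not run, so the type can be checked first.
            Class<?> c = Class.forName(name, false,
                    TagSetLoading.class.getClassLoader());
            if (!TagSet.class.isAssignableFrom(c)) {
                return null; // not a tag set: reject without initializing it
            }
            return c.asSubclass(TagSet.class);
        } catch (ClassNotFoundException | LinkageError e) {
            return null; // unknown or unloadable name: reject
        }
    }

    public static void main(String[] args) {
        // Constructed sample names, as they might arrive from the DOM tree.
        String[] names = {
            "TagSetLoading$BaselineTagSet", // valid subclass
            "TagSetLoading$Unrelated",      // exists, but not a TagSet
            "no.such.Class"                 // does not exist
        };
        for (String name : names) {
            System.out.println(name + " accepted: "
                    + (resolveTagSet(name) != null));
        }
        // Shows whether the rejected class's static initializer ever ran.
        System.out.println("Unrelated initialized: "
                + System.getProperty("demo.unrelated.initialized", "false"));
    }
}
```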