Type-checked entryByIndex and readEntryOrNull

Chen Liang liangchenblue at gmail.com
Tue May 21 11:54:10 UTC 2024


Hi Adam,
This patch is simple; since this can prevent a lot of bugs around malicious
CP references in crafted classfiles, should we consider this enhancement
for JDK 23, or should we only have this as internal APIs in ClassReaderImpl?

- Chen


On Mon, May 20, 2024 at 9:08 AM - <liangchenblue at gmail.com> wrote:

> Hi ClassFile API list,
> I call for addition of a type-checked entryByIndex in ConstantPool, with a
> signature:
> <T extends PoolEntry> T entryByIndex(int index, Class<T> cls)
> and a type-checked readEntryOrNull in ClassReader, with a signature:
> <T extends PoolEntry> T readEntryOrNull(int offset, Class<T> cls)
> which will throw ConstantPoolException if the entry is of a mismatched
> type, much like the type-checked readClassEntry in ClassBuilder.
>
> A search for existing generic ConstantPool::entryByIndex and
> ClassReader::readEntryOrNull in JDK reveals that most of their usages
> within the jdk.internal.classfile.impl and its subpackages involve a direct
> cast right after retrieving the result. These casts are susceptible to
> malformed classfiles putting entries of wrong type, such as a Utf8 at the
> cursor of superclass entry, throwing ClassCastException, which is out of
> spec with the Classfile API.
>
> I recommend adding these 2 methods for user convenience, and migrating all
> existing entryByIndex/readEntryOrNull with casts to these 2 new methods, to
> enhance the robustness of the ClassFile API. (On a side note, we can
> promote ClassReader::utf8EntryByIndex to ConstantPool too)
>
> Please feel free to comment or critique this proposal.
>
> Chen Liang
>
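The check proposed above, written out as an added example (not code from the ClassFile API or from this thread): a static helper with the proposed shape over the public java.lang.classfile ConstantPool, so that a wrong-typed entry in a crafted class file surfaces as ConstantPoolException rather than as a ClassCastException from a direct cast. The names entryByIndex/entryByIndexOrNull here are hypothetical helpers, the index-0-means-absent rule mirrors readEntryOrNull, and the demo assumes JDK 24 or later (or JDK 22/23 with --enable-preview, where the package is preview).

```java
import java.lang.classfile.ClassFile;
import java.lang.classfile.ClassModel;
import java.lang.classfile.constantpool.ClassEntry;
import java.lang.classfile.constantpool.ConstantPool;
import java.lang.classfile.constantpool.ConstantPoolException;
import java.lang.classfile.constantpool.PoolEntry;
import java.lang.classfile.constantpool.Utf8Entry;
import java.lang.constant.ClassDesc;

public final class TypedPoolLookup {

    // Hypothetical helper with the proposed signature
    //   <T extends PoolEntry> T entryByIndex(int index, Class<T> cls)
    // written as a static method over the public ConstantPool.
    static <T extends PoolEntry> T entryByIndex(ConstantPool cp, int index, Class<T> cls) {
        // entryByIndex already throws ConstantPoolException for index 0 or out of range
        PoolEntry e = cp.entryByIndex(index);
        if (!cls.isInstance(e)) {
            // A crafted class file can point any u2 reference at any tag; reject it in-spec
            throw new ConstantPoolException("Constant pool entry #" + index + " is "
                    + e.getClass().getSimpleName() + " (tag " + e.tag() + "), expected "
                    + cls.getSimpleName());
        }
        return cls.cast(e);
    }

    // Same check with readEntryOrNull semantics: index 0 means "absent"
    // (e.g. super_class of java/lang/Object), never a valid entry.
    static <T extends PoolEntry> T entryByIndexOrNull(ConstantPool cp, int index, Class<T> cls) {
        return index == 0 ? null : entryByIndex(cp, index, cls);
    }

    public static void main(String[] args) {
        ClassFile cf = ClassFile.of();
        // Constructed input: a minimal well-formed class, built in memory
        byte[] bytes = cf.build(ClassDesc.of("Demo"), cb -> {});
        ClassModel cm = cf.parse(bytes);
        ConstantPool cp = cm.constantPool();

        int classIdx = cm.thisClass().index();        // CONSTANT_Class entry for Demo
        int utf8Idx  = cm.thisClass().name().index(); // its CONSTANT_Utf8 name

        ClassEntry ce = entryByIndex(cp, classIdx, ClassEntry.class);
        Utf8Entry name = entryByIndex(cp, utf8Idx, Utf8Entry.class);
        System.out.println("this_class -> " + ce.asInternalName() + " / " + name.stringValue());

        // What a malformed file does: a class reference resolving to a Utf8 entry.
        // A direct (ClassEntry) cast would throw ClassCastException; the helper does not.
        try {
            entryByIndex(cp, utf8Idx, ClassEntry.class);
        } catch (ConstantPoolException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }

        // Index 0 is only acceptable where the spec allows "no entry".
        System.out.println("absent super_class -> " + entryByIndexOrNull(cp, 0, ClassEntry.class));
        try {
            entryByIndex(cp, 0, ClassEntry.class);
        } catch (ConstantPoolException ex) {
            System.out.println("rejected: index 0 where an entry is required");
        }
    }
}
```

Running it prints the resolved class and name, then two "rejected" lines. The point of the helper is that every failure path on attacker-controlled indices is ConstantPoolException, so callers that already catch that for bad offsets need no second catch for ClassCastException.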