Type-checked entryByIndex and readEntryOrNull

Adam Sotona adam.sotona at oracle.com
Tue May 21 12:19:44 UTC 2024 

Hi Chen,
Internally it is already resolved, and it does not bring much of a value to change only internal implementation.

I'm OK with the proposed API addition, however real use cases would give the proposal more weight.
Priority is to clean the Class-File API and additions to the API should be backed by real use cases or visible benefits in the existing code.
Procedurally, feel free to go ahead and propose it to 23.

Thanks,
Adam

From: Chen Liang <liangchenblue at gmail.com>
Date: Tuesday, 21 May 2024 at 13:54
To: classfile-api-dev <classfile-api-dev at openjdk.org>, asotona at openjdk.org <asotona at openjdk.org>
Subject: Re: Type-checked entryByIndex and readEntryOrNull
Hi Adam,
This patch is simple; since this can prevent a lot of bugs around malicious CP references in crafted classfiles, should we consider this enhancement for JDK 23, or should we only have this as internal APIs in ClassReaderImpl?

- Chen


On Mon, May 20, 2024 at 9:08 AM - <liangchenblue at gmail.com<mailto:liangchenblue at gmail.com>> wrote:
Hi ClassFile API list,
I call for addition of a type-checked entryByIndex in ConstantPool, with a signature:
<T extends PoolEntry> T entryByIndex(int index, Class<T> cls)
and a type-checked readEntryOrNull in ClassReader, with a signature:
<T extends PoolEntry> T readEntryOrNull(int offset, Class<T> cls)
Which will throw ConstantPoolException if the entry is of a mismatched type, much like the type-checked readClassEntry in ClassBuilder.

A search for existing generic ConstantPool::entryByIndex and ClassReader::readEntryOrNull in JDK reveals that most of their usages within the jdk.internal.classfile.impl and its subpackages involve a direct cast right after retrieving the result. These casts are susceptible to malformed classfiles putting entries of wrong type, such as a Utf8 at the cursor of superclass entry, throwing ClassCastException, which is out of spec with the Classfile API.

I recommend adding these 2 methods for user convenience, and migrating all existing entryByIndex/readEntryOrNull with casts to these 2 new methods, to enhance the robustness of the ClassFile API. (On a side note, we can promote ClassReader::utf8EntryByIndex to ConstantPool too)

Please feel free to comment or critique this proposal.

Chen Liang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/classfile-api-dev/attachments/20240521/bcedc2d7/attachment-0001.htm>

More information about the classfile-api-dev mailing list