Type-checked entryByIndex and readEntryOrNull

Chen Liang liangchenblue at gmail.com
Wed May 22 14:24:19 UTC 2024 

Hi Adam and the list,
I have since created JDK-8332614 and opened
https://github.com/openjdk/jdk/pull/19330 pull request. Feel free to take a
look and comment!

Thanks, Chen

On Tue, May 21, 2024 at 7:19 AM Adam Sotona <adam.sotona at oracle.com> wrote:

> Hi Chen,
>
> Internally it is already resolved, and it does not bring much of a value
> to change only internal implementation.
>
>
>
> I'm OK with the proposed API addition, however real use cases would give
> the proposal more weight.
>
> Priority is to clean the Class-File API and additions to the API should be
> backed by real use cases or visible benefits in the existing code.
>
> Procedurally, feel free to go ahead and propose it to 23.
>
>
>
> Thanks,
>
> Adam
>
>
>
> *From: *Chen Liang <liangchenblue at gmail.com>
> *Date: *Tuesday, 21 May 2024 at 13:54
> *To: *classfile-api-dev <classfile-api-dev at openjdk.org>,
> asotona at openjdk.org <asotona at openjdk.org>
> *Subject: *Re: Type-checked entryByIndex and readEntryOrNull
>
> Hi Adam,
>
> This patch is simple; since this can prevent a lot of bugs around
> malicious CP references in crafted classfiles, should we consider this
> enhancement for JDK 23, or should we only have this as internal APIs in
> ClassReaderImpl?
>
>
>
> - Chen
>
>
>
>
>
> On Mon, May 20, 2024 at 9:08 AM - <liangchenblue at gmail.com> wrote:
>
> Hi ClassFile API list,
>
> I call for addition of a type-checked entryByIndex in ConstantPool, with a
> signature:
>
> <T extends PoolEntry> T entryByIndex(int index, Class<T> cls)
>
> and a type-checked readEntryOrNull in ClassReader, with a signature:
>
> <T extends PoolEntry> T readEntryOrNull(int offset, Class<T> cls)
>
> Which will throw ConstantPoolException if the entry is of a mismatched
> type, much like the type-checked readClassEntry in ClassBuilder.
>
>
>
> A search for existing generic ConstantPool::entryByIndex and
> ClassReader::readEntryOrNull in JDK reveals that most of their usages
> within the jdk.internal.classfile.impl and its subpackages involve a direct
> cast right after retrieving the result. These casts are susceptible to
> malformed classfiles putting entries of wrong type, such as a Utf8 at the
> cursor of superclass entry, throwing ClassCastException, which is out of
> spec with the Classfile API.
>
>
>
> I recommend adding these 2 methods for user convenience, and migrating all
> existing entryByIndex/readEntryOrNull with casts to these 2 new methods, to
> enhance the robustness of the ClassFile API. (On a side note, we can
> promote ClassReader::utf8EntryByIndex to ConstantPool too)
>
>
>
> Please feel free to comment or critique this proposal.
>
>
>
> Chen Liang
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/classfile-api-dev/attachments/20240522/d8bf5e8b/attachment.htm>

More information about the classfile-api-dev mailing list