ArrayIndexOutOfBoundsException in ResourceBundle.getBundle(String) in JDK 6&7
Tom Hawtin
tom.hawtin at oracle.com
Fri Nov 4 11:26:39 UTC 2011
On 04/11/11 09:58, Heiko Wagner wrote:
> This is caused by the fact that the ResourceBundle class tries to determine
> the actual ClassLoader using the getLoader() method, via accessing the
> hardcoded stack offset 2, which works when the getBundle() method is callen
> from Java, but in my case I invoke this method using JNI and the stack
> layout is different, so causing the exception.
>
> I know this code has been this way a for a long time, but I still get a beed
> feeling when the code relies on some hard code offsets in the call stack and
> I see no reason why invoking the ResourceBundle methods via JNI should be
> considered "illegal".
I'm not a JNI expert (you are calling from a thread known to the JVM,
right?). However, getBundle is one of the magic methods listed in
section 6 (6-4) of the Java Secure Coding Guidelines[1] that depend upon
the immediate caller. If there isn't an immediate [Java] caller, that
isn't going to work. Which ClassLoader would you want getBundle to use?
Tom
[1]http://www.oracle.com/technetwork/java/seccodeguide-139067.html#6-0
More information about the core-libs-dev
mailing list