[8] RFR (XS): 8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package
John Rose
john.r.rose at oracle.com
Tue Jan 28 00:50:23 UTC 2014
This is safe as a point fix, since (a) Lookup.checkSymbolicClass vets 'refc' before checkMemberAccess is called, and (b) the JVMS does not in fact call for 'defc' to also be accessible, if it is inherited via 'refc'.
There is a slightly different problem here, a code cleanup problem. The javadoc for checkMemberAccess does not seem to accurately reflect what the method does or how it works. We need to re-align the javadoc, the JVM spec., and (if necessary) the code. For example, I would prefer either an explicit call from checkMemberAccess to isClassAccessible, or at least have an assert in there. This will take a little more time and care to do right.
I see two choices; either are OK with me as a reviewer:
1. Do the point fix as proposed and file a followup bug.
2. Fix the javadoc, add the assert, and re-review correspondence between checkMemberAccess (javadoc+code) and the JVM spec. for member access.
— John
On Jan 27, 2014, at 8:05 AM, Vladimir Ivanov <vladimir.x.ivanov at oracle.com> wrote:
> http://cr.openjdk.java.net/~vlivanov/8032585/webrev.00/
> https://bugs.openjdk.java.net/browse/JDK-8032585
>
> JSR292 access verification logic refuses method handle lookup access to
> methods which are defined on inaccessible classes. This is usually
> correct, but in the corner case of inheritance through a public class,
> it is wrong. 8029507 makes the JVM provide more correct information
> about the defining class of a looked-up method and this corrected
> information is causing the old and wrong checks to fail where they
> didn't fail before.
>
> The fix is to relax the check: don't require the class where protected
> member is declared to be public. It is enough to check that defining
> class is a super class of the class lookup request comes from to ensure
> there are enough privileges to access protected member.
>
> Testing: regression test, enumeration tests on access checks,
> jdk/test/java/lang/invoke, vm.mlvm.testlist
>
> Thanks!
>
> Best regards,
> Vladimir Ivanov
> _______________________________________________
> mlvm-dev mailing list
> mlvm-dev at openjdk.java.net
> http://mail.openjdk.java.net/mailman/listinfo/mlvm-dev
More information about the core-libs-dev
mailing list