RFR: JDK-8146975 - NullPointerException in IIOPInputStream.inputClassFields
Chris Hegarty
chris.hegarty at oracle.com
Thu Jun 9 12:35:19 UTC 2016
> On 8 Jun 2016, at 23:18, Mark Sheppard <mark.sheppard at oracle.com> wrote:
>
>
> Hi
> please oblige and review the following changes
> http://cr.openjdk.java.net/~msheppar/8146975/jdk9/webrev/
>
> http://cr.openjdk.java.net/~msheppar/8146975/jdk9/test/webrev/
>
> which address the issue raised in
> https://bugs.openjdk.java.net/browse/JDK-8146975
>
> the type checking in inputClassFields and other places failed to fully allowing for
> the processing of return ValueTypes, and hence the getDeclaredField fails as
> "application code" exist on the call stack restricting access. This leads to a security exception,
> which in turn leads to an IllegalArgumentExcetption, the processing of which failed to allow
> for a null object value in the stream.
> This has now been rectified, with the getDeclaredField wrapped in a doPrivileged call.
This works because the java.corba module is granted all permissions. If this
was to ever change then I assume it would require RuntimePermission(
"accessDeclaredMembers”).
The changes look ok to me. Wow, that is some test! I assume it cannot easily
be reduced.
-Chris.
> regards
> Mark
More information about the core-libs-dev
mailing list