RFR: JDK-8146975 - NullPointerException in IIOPInputStream.inputClassFields
Chris Hegarty
chris.hegarty at oracle.com
Thu Jun 9 14:21:55 UTC 2016
Oh BTW, I assume the changes to the java.corba module-info are not
needed right? Maybe left over from some debugging?
-Chris.
> On 9 Jun 2016, at 13:35, Chris Hegarty <chris.hegarty at oracle.com> wrote:
>
>
>> On 8 Jun 2016, at 23:18, Mark Sheppard <mark.sheppard at oracle.com> wrote:
>>
>>
>> Hi
>> please oblige and review the following changes
>> http://cr.openjdk.java.net/~msheppar/8146975/jdk9/webrev/
>>
>> http://cr.openjdk.java.net/~msheppar/8146975/jdk9/test/webrev/
>>
>> which address the issue raised in
>> https://bugs.openjdk.java.net/browse/JDK-8146975
>>
>> the type checking in inputClassFields and other places failed to fully allowing for
>> the processing of return ValueTypes, and hence the getDeclaredField fails as
>> "application code" exist on the call stack restricting access. This leads to a security exception,
>> which in turn leads to an IllegalArgumentExcetption, the processing of which failed to allow
>> for a null object value in the stream.
>> This has now been rectified, with the getDeclaredField wrapped in a doPrivileged call.
>
> This works because the java.corba module is granted all permissions. If this
> was to ever change then I assume it would require RuntimePermission(
> "accessDeclaredMembers”).
>
> The changes look ok to me. Wow, that is some test! I assume it cannot easily
> be reduced.
>
> -Chris.
>
>> regards
>> Mark
>
More information about the core-libs-dev
mailing list