RFR: 8222895: StackOverflowError in custom security manager that relies on ClassSpecializer
Claes Redestad
claes.redestad at oracle.com
Wed Apr 24 12:49:13 UTC 2019
Hi,
recent changes to the String concatenation bootstrap sequence[1]
accidentally uncovered an issue introduced earlier by changing the
ClassSpecializer to use Lookup.defineClass[2].
The issue with this is the introduction of a call to SM.checkPermission
deep inside the ClassSpecializer code used when bootstrapping certain
String concatenation expressions. When triggered, this causes a
recursive bootstrap cycle and a crash with a StackOverflowError.
This is related to earlier bootstrapping issues in the area[3], and
would have been caught by the regression test added then if not for the
fact that we've been rather successful in avoiding the use of
ClassSpecializer during bootstrap of commonly used concatenation shapes.
Providing a more contorted concatenation shape in the test ensures we
drop into the ClassSpecializer code path where the recursive
checkPermission call happens. The updated test passes before
JDK-8181443, fails since, and passes with the changes proposed in this
patch.
Webrev: http://cr.openjdk.java.net/~redestad/8222895/open.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8222895
Testing: tier1-3 (still in-flight), local verification
Thanks!
/Claes
[1] https://bugs.openjdk.java.net/browse/JDK-8222484
[2] https://bugs.openjdk.java.net/browse/JDK-8181443
[3] https://bugs.openjdk.java.net/browse/JDK-8155090
More information about the core-libs-dev
mailing list