RFR: 8222895: StackOverflowError in custom security manager that relies on ClassSpecializer

Claes Redestad claes.redestad at oracle.com
Thu May 2 08:28:34 UTC 2019


On 2019-05-01 19:00, Alan Bateman wrote:
>>
>> Webrev: http://cr.openjdk.java.net/~redestad/8222895/open.00/
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8222895
> This looks okay as a temporary solution to fix the regression.

Thanks Alan!

Yes, using the shared secrets API for this is a bit of a hack, and we
should think carefully about how to allow use of APIs that can be
guarded by a SM without risk of running in cycles like this.

We have a related issue[1] that you can't initialize lambdas during
execution of a checkPermission method, which might be a subtle source
for regressions when upgrading (with an increasing risk as more and more
core libraries are lambda and streamified). A similar hack there would
be to elide the (privileged) SM call when the target of the lambda is
a class loaded by the bootloader, but that would only solve for the case
when the offending lambda is something introduced in the core libraries
(like in java.util.regex)

/Claes

[1] https://bugs.openjdk.java.net/browse/JDK-8155659


More information about the core-libs-dev mailing list