RFR 8223730 : URLClassLoader.findClass() can throw IndexOutOfBoundsException
Ivan Gerasimov
ivan.gerasimov at oracle.com
Sat May 11 22:07:49 UTC 2019
Hello!
An integer overflow during array size calculation can happen in a case
of loading extremely huge class file (which is unlikely in the real world).
It is possible to create a regression test (see the bug), though I doubt
it would carry much weight while requiring much memory.
I did check manually that the POC runs fine with the patched JDK.
Would you please help review the fix?
BUGURL: https://bugs.openjdk.java.net/browse/JDK-8223730
WEBREV: http://cr.openjdk.java.net/~igerasim/8223730/00/webrev/
--
With kind regards,
Ivan Gerasimov
More information about the core-libs-dev
mailing list