RFR 8223730 : URLClassLoader.findClass() can throw IndexOutOfBoundsException

Ivan Gerasimov ivan.gerasimov at oracle.com
Tue May 14 01:23:40 UTC 2019


Thank you Pavel and Brent for reviewing!

With kind regards,

Ivan


On 5/13/19 4:47 PM, Brent Christian wrote:
> I think the change looks OK.
>
> I agree that this case is unlikely to come up in the real world, so no 
> regtest seems acceptable; tag the bug with noreg-hard.
>
> (Another option might be a test in a seldom-run Tier that @requires a 
> large amount of heap.)
>
> -Brent
>
> On 5/11/19 3:07 PM, Ivan Gerasimov wrote:
>> Hello!
>>
>> An integer overflow during array size calculation can happen in a 
>> case of loading extremely huge class file (which is unlikely in the 
>> real world).
>>
>> It is possible to create a regression test (see the bug), though I 
>> doubt it would carry much weight while requiring much memory.
>>
>> I did check manually that the POC runs fine with the patched JDK.
>>
>> Would you please help review the fix?
>>
>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8223730
>> WEBREV: http://cr.openjdk.java.net/~igerasim/8223730/00/webrev/
>>
>

-- 
With kind regards,
Ivan Gerasimov



More information about the core-libs-dev mailing list