RFR: 8255542: Attribute length of Module, ModulePackages and other attributes is ignored
Alan Bateman
alanb at openjdk.java.net
Wed Dec 2 18:59:56 UTC 2020
On Wed, 2 Dec 2020 18:45:52 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> The attribute_length of known ModuleXXXX attributes in the module-info.class is currently ignored. It should be checked and the class rejected if the attribute length doesn't exactly match the length of the info in the attribute.
>>
>> There are several ways to fix this. I initially limited the reading of the attribute_info to the attribute length but this resulted in confusing exception messages as the attribute appears truncated. The exception messages are clearer when it checks that the attribute length corresponds to the number of bytes read.
>
> src/java.base/share/classes/jdk/internal/module/ModuleInfo.java line 288:
>
>> 286:
>> 287: long newPosition = in.count();
>> 288: if (newPosition != (initialPosition + length)) {
>
> should this be:
>
> if ((newPosition - intialPosition) != length) {
>
> just to make it clear that no overflow can happen?
The attribute_length is a u4 so shouldn't arise but you are probably right that it would be clearer to reorganize it as you suggest.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1407
More information about the core-libs-dev
mailing list