RFR: 8255542: Attribute length of Module, ModulePackages and other attributes is ignored [v2]

[Rémi Forax]

On Thu, 3 Dec 2020 09:58:16 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> The attribute_length of known ModuleXXXX attributes in the module-info.class is currently ignored. It should be checked and the class rejected if the attribute length doesn't exactly match the length of the info in the attribute.
>> 
>> There are several ways to fix this. I initially limited the reading of the attribute_info to the attribute length but this resulted in confusing exception messages as the attribute appears truncated. The exception messages are clearer when it checks that the attribute length corresponds to the number of bytes read.
>
> Alan Bateman has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 11 additional commits since the last revision:
> 
>  - Restructure check to make it more obvious that it doesn't overflow
>  - Merge
>  - Merge
>  - Merge
>  - Trailing whitespace
>  - Expand test to Module attribute
>  - Merge
>  - Test cleanup
>  - Add test
>  - Merge
>  - ... and 1 more: https://git.openjdk.java.net/jdk/compare/914dd7e9...f15dbb1b

src/java.base/share/classes/jdk/internal/module/ModuleInfo.java line 1203:

> 1201:         @Override
> 1202:         public String readUTF() throws IOException {
> 1203:             return DataInputStream.readUTF(this);

If i understand correctly the code, I believe readUTF should change a boolean field named `countCanNotBeTrackedAnymore` from false to true, and in the method `count()`,  `countCanNotBeTrackedAnymore` has to be checked and throws an ISE before returning `count`

-------------

PR: https://git.openjdk.java.net/jdk/pull/1407