RFR: 8013527: calling MethodHandles.lookup on itself leads to errors
Johannes Kuhn
github.com+652983+dasbrain at openjdk.java.net
Wed Feb 3 17:38:41 UTC 2021
On Wed, 3 Feb 2021 17:25:04 GMT, Mandy Chung <mchung at openjdk.org> wrote:
>> Only `Lookup` with the original access can access `MethodHandles.classData`. A hidden class `HC$$InjectedInvoker/0x1234` can access private members of another class `C` in the same nest but not `C`'s class data.
>>
>> I don't follow which previous commit you refer to more dangerous. Please elaborate. I don't see any security concern with class data.
>
> Last night, I had a second thought that the fix for these two JBS issues does not need the class data. It's more for a future use. I plan to revise it and drop class data in this fix anyway.
You are right, got it confused with the future use.
With this fix, MethodHandle -> Method.invoke -> MethodHandles.lookup() will still return a lookup on the injected invoker.
I somehow missed that this is not part of the fix, but for the future use.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2367
More information about the core-libs-dev
mailing list