RFR: 8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes [v2]

Adam Sotona asotona at openjdk.org
Fri Apr 26 07:43:01 UTC 2024


> ClassFile API dives into the nested constant pool entries without type restrictions, while parsing a class file. Validation of the entry is performed post-parsing. Specifically corrupted constant pool entry may cause infinite loop during parsing and throws SOE.
> This patch resolves the issue by providing specific implementations for the nested CP entries parsing, instead of sharing the common (post-checking) code.
> Added test simulates the situation on inner-looped method reference entry.
> 
> Please review.
> 
> Thank you,
> Adam

Adam Sotona has updated the pull request incrementally with one additional commit since the last revision:

  implemented proposed simpler solution with lower and upper bound tags

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/18907/files
  - new: https://git.openjdk.org/jdk/pull/18907/files/ce3bd205..e706346b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=18907&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18907&range=00-01

  Stats: 91 lines in 1 file changed: 17 ins; 53 del; 21 mod
  Patch: https://git.openjdk.org/jdk/pull/18907.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18907/head:pull/18907

PR: https://git.openjdk.org/jdk/pull/18907


More information about the core-libs-dev mailing list