RFR: 8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes [v2]
Adam Sotona
asotona at openjdk.org
Fri Apr 26 07:43:01 UTC 2024
> ClassFile API dives into the nested constant pool entries without type restrictions while parsing a class file. Validation of the entry is performed post-parsing. A specifically corrupted constant pool entry may cause an infinite loop during parsing and throw an SOE.
> This patch resolves the issue by providing specific implementations for the nested CP entries parsing, instead of sharing the common (post-checking) code.
> The added test simulates the situation on an inner-looped method reference entry.
>
> Please review.
>
> Thank you,
> Adam
Adam Sotona has updated the pull request incrementally with one additional commit since the last revision:
implemented proposed simpler solution with lower and upper bound tags
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/18907/files
- new: https://git.openjdk.org/jdk/pull/18907/files/ce3bd205..e706346b
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=18907&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=18907&range=00-01
Stats: 91 lines in 1 file changed: 17 ins; 53 del; 21 mod
Patch: https://git.openjdk.org/jdk/pull/18907.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/18907/head:pull/18907
PR: https://git.openjdk.org/jdk/pull/18907
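
The failure mode and the tag-bound check described in this message, as an added example that is not code from the pull request or the JDK: a toy constant pool where each nested lookup verifies the target entry's tag against a lower and upper bound before descending. The class `BoundedCpResolve`, its `resolve` method, and the `tags`/`refs` pool layout are assumptions made for illustration; only the tag numbers come from the class file format.

```java
/** Added illustration: a toy constant pool, not the JDK ClassFile API. */
public class BoundedCpResolve {
    // Class file constant pool tags used in this sketch
    static final int UTF8 = 1, CLASS = 7, METHODREF = 10, NAME_AND_TYPE = 12;

    // Constructed pool: tags[i] is the entry tag, refs[i] its nested indexes (slot 0 unused).
    final int[] tags;
    final int[][] refs;

    BoundedCpResolve(int[] tags, int[][] refs) { this.tags = tags; this.refs = refs; }

    /** Checks the target's tag against [lower, upper] BEFORE descending into it. */
    String resolve(int index, int lower, int upper) {
        if (index <= 0 || index >= tags.length)
            throw new IllegalArgumentException("bad CP index " + index);
        int tag = tags[index];
        if (tag < lower || tag > upper)
            throw new IllegalArgumentException("unexpected tag " + tag + " at index " + index);
        return switch (tag) {
            case UTF8 -> "utf8#" + index;
            case CLASS -> "class(" + resolve(refs[index][0], UTF8, UTF8) + ")";
            case NAME_AND_TYPE -> "nat(" + resolve(refs[index][0], UTF8, UTF8) + ","
                    + resolve(refs[index][1], UTF8, UTF8) + ")";
            case METHODREF -> "methodref(" + resolve(refs[index][0], CLASS, CLASS) + ","
                    + resolve(refs[index][1], NAME_AND_TYPE, NAME_AND_TYPE) + ")";
            default -> throw new IllegalArgumentException("unsupported tag " + tag);
        };
    }

    public static void main(String[] args) {
        int[] tags = {0, UTF8, UTF8, UTF8, CLASS, NAME_AND_TYPE, METHODREF};
        // Well-formed pool: Methodref #6 -> Class #4, NameAndType #5.
        int[][] good = {{}, {}, {}, {}, {1}, {2, 3}, {4, 5}};
        System.out.println(new BoundedCpResolve(tags, good).resolve(6, METHODREF, METHODREF));

        // Corrupted copy: the Methodref's class index points back at the Methodref itself.
        // Without the bound check, resolve(6) would call resolve(6) until the stack overflows.
        int[][] looped = {{}, {}, {}, {}, {1}, {2, 3}, {6, 5}};
        try {
            new BoundedCpResolve(tags, looped).resolve(6, METHODREF, METHODREF);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because every nested reference may only point at a tag range that excludes the referring entry's own kind, each descent moves to a strictly simpler entry type and the recursion depth is bounded by the format rather than by the input.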