RFR: 8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes [v3]

Paul Sandoz psandoz at openjdk.org
Fri Apr 26 16:16:53 UTC 2024


On Fri, 26 Apr 2024 13:34:08 GMT, Adam Sotona <asotona at openjdk.org> wrote:

>> The ClassFile API dives into nested constant pool entries without type restrictions while parsing a class file. Validation of the entry is performed post-parsing. A specifically corrupted constant pool entry may cause an infinite loop during parsing and throw an SOE.
>> This patch resolves the issue by providing specific implementations for the nested CP entries parsing, instead of sharing the common (post-checking) code.
>> The added test simulates the situation on an inner-looped method reference entry.
>> 
>> Please review.
>> 
>> Thank you,
>> Adam
>
> Adam Sotona has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Apply suggestions from code review
>   
>   Co-authored-by: ExE Boss <3889017+ExE-Boss at users.noreply.github.com>

Very nice. I think we got lucky this worked out :-)

-------------

Marked as reviewed by psandoz (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/18907#pullrequestreview-2025411091
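
The failure mode and the fix described in the quoted PR text can be illustrated with a small model of typed constant pool lookup. This is an added example, not code from the JDK or from the pull request. The Entry record, the method names and the sample pool are hypothetical; only the tag values come from the class file format. Each resolver checks the tag before reading anything nested, so a Methodref whose class index points back at itself is rejected instead of recursing.

```java
import java.util.List;

public class TypedCpLookup {
    // Tag values from the JVM class file format.
    static final int UTF8 = 1, CLASS = 7, METHODREF = 10, NAME_AND_TYPE = 12;

    // Simplified, already-decoded constant pool entry (hypothetical model).
    record Entry(int tag, int ref1, int ref2, String text) {}

    // Fetch entry `index` and require the expected tag before any nested read.
    static Entry expect(List<Entry> pool, int index, int tag) {
        if (index <= 0 || index >= pool.size())
            throw new IllegalArgumentException("bad constant pool index " + index);
        Entry e = pool.get(index);
        if (e.tag() != tag)
            throw new IllegalArgumentException(
                "entry " + index + " has tag " + e.tag() + ", expected " + tag);
        return e;
    }

    static String utf8(List<Entry> pool, int i) { return expect(pool, i, UTF8).text(); }

    static String className(List<Entry> pool, int i) {
        return utf8(pool, expect(pool, i, CLASS).ref1());
    }

    static String nameAndType(List<Entry> pool, int i) {
        Entry e = expect(pool, i, NAME_AND_TYPE);
        return utf8(pool, e.ref1()) + ":" + utf8(pool, e.ref2());
    }

    // Methodref -> Class / NameAndType -> Utf8: every step narrows the type,
    // so the recursion depth is bounded regardless of the index values.
    static String methodRef(List<Entry> pool, int i) {
        Entry e = expect(pool, i, METHODREF);
        return className(pool, e.ref1()) + "." + nameAndType(pool, e.ref2());
    }

    public static void main(String[] args) {
        // Constructed pool; index 0 is unused, as in a real class file.
        List<Entry> pool = List.of(
            new Entry(0, 0, 0, null),
            new Entry(UTF8, 0, 0, "Foo"), new Entry(CLASS, 1, 0, null),
            new Entry(UTF8, 0, 0, "bar"), new Entry(UTF8, 0, 0, "()V"),
            new Entry(NAME_AND_TYPE, 3, 4, null),
            new Entry(METHODREF, 6, 5, null),   // corrupted: class index is itself
            new Entry(METHODREF, 2, 5, null));  // well-formed
        System.out.println(methodRef(pool, 7));
        try { methodRef(pool, 6); }
        catch (IllegalArgumentException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```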

