Integrated: 8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes
Adam Sotona
asotona at openjdk.org
Mon Apr 29 07:15:10 UTC 2024
On Tue, 23 Apr 2024 07:39:47 GMT, Adam Sotona <asotona at openjdk.org> wrote:
> ClassFile API dives into the nested constant pool entries without type restrictions, while parsing a class file. Validation of the entry is performed post-parsing. Specifically corrupted constant pool entry may cause infinite loop during parsing and throws SOE.
> This patch resolves the issue by providing specific implementations for the nested CP entries parsing, instead of sharing the common (post-checking) code.
> Added test simulates the situation on inner-looped method reference entry.
>
> Please review.
>
> Thank you,
> Adam
This pull request has now been integrated.
Changeset: fb63cbad
Author: Adam Sotona <asotona at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/fb63cbadb419f1de91acae9fc66be258e1d3d214
Stats: 32 lines in 2 files changed: 23 ins; 0 del; 9 mod
8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes
Reviewed-by: psandoz
-------------
PR: https://git.openjdk.org/jdk/pull/18907
More information about the core-libs-dev
mailing list