Integrated: 8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes

Adam Sotona asotona at openjdk.org
Mon Apr 29 07:15:10 UTC 2024


On Tue, 23 Apr 2024 07:39:47 GMT, Adam Sotona <asotona at openjdk.org> wrote:

> The ClassFile API dives into the nested constant pool entries without type restrictions while parsing a class file. Validation of the entry is performed post-parsing. A specifically corrupted constant pool entry may cause an infinite loop during parsing and throw an SOE.
> This patch resolves the issue by providing specific implementations for the nested CP entries parsing, instead of sharing the common (post-checking) code.
> The added test simulates the situation on an inner-looped method reference entry.
> 
> Please review.
> 
> Thank you,
> Adam

This pull request has now been integrated.

Changeset: fb63cbad
Author:    Adam Sotona <asotona at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/fb63cbadb419f1de91acae9fc66be258e1d3d214
Stats:     32 lines in 2 files changed: 23 ins; 0 del; 9 mod

8330684: ClassFile API runs into StackOverflowError while parsing certain class' bytes

Reviewed-by: psandoz

-------------

PR: https://git.openjdk.org/jdk/pull/18907
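
The failure mode described in the quoted PR text, as an added example that is not part of the original message and is not the JDK's code: a toy constant pool resolver that descends into nested entries without checking their type, next to one that checks the expected tag before descending. The `Entry` model, the method names and the sample pool are assumptions constructed for illustration; it assumes Java 17 or later.

```java
import java.util.List;

public class CpLoopDemo {
    // Constant pool tags from the class file format.
    static final int UTF8 = 1, CLASS = 7, METHODREF = 10, NAME_AND_TYPE = 12;

    // Simplified entry model (an assumption of this example): tag, two indexes, text.
    record Entry(int tag, int ref1, int ref2, String text) {}

    // Unchecked style: follow whatever the index points at, validate only afterwards.
    static String resolveUnchecked(List<Entry> cp, int i) {
        Entry e = cp.get(i);
        return switch (e.tag()) {
            case UTF8 -> e.text();
            case CLASS -> resolveUnchecked(cp, e.ref1());
            case NAME_AND_TYPE, METHODREF -> resolveUnchecked(cp, e.ref1()) + " " + resolveUnchecked(cp, e.ref2());
            default -> throw new IllegalArgumentException("bad tag " + e.tag());
        };
    }

    // Checked style: every nested read states the tag it expects and verifies it first.
    static Entry expect(List<Entry> cp, int i, int tag) {
        if (i <= 0 || i >= cp.size() || cp.get(i).tag() != tag)
            throw new IllegalArgumentException("index " + i + " is not an entry with tag " + tag);
        return cp.get(i);
    }

    static String utf8(List<Entry> cp, int i) { return expect(cp, i, UTF8).text(); }

    static String resolveMethodref(List<Entry> cp, int i) {
        Entry m = expect(cp, i, METHODREF);
        Entry c = expect(cp, m.ref1(), CLASS);          // a self-reference fails here
        Entry nt = expect(cp, m.ref2(), NAME_AND_TYPE);
        return utf8(cp, c.ref1()) + "." + utf8(cp, nt.ref1()) + ":" + utf8(cp, nt.ref2());
    }

    public static void main(String[] args) {
        // Constructed sample pool; index 0 is unused, as in a real class file.
        List<Entry> cp = List.of(
            new Entry(0, 0, 0, null),
            new Entry(UTF8, 0, 0, "java/lang/Object"), new Entry(CLASS, 1, 0, null),
            new Entry(UTF8, 0, 0, "hashCode"), new Entry(UTF8, 0, 0, "()I"),
            new Entry(NAME_AND_TYPE, 3, 4, null),
            new Entry(METHODREF, 2, 5, null),   // index 6: well formed
            new Entry(METHODREF, 7, 5, null));  // index 7: class index points at itself
        System.out.println(resolveMethodref(cp, 6));
        try { resolveUnchecked(cp, 7); } catch (StackOverflowError so) { System.out.println("unchecked: StackOverflowError"); }
        try { resolveMethodref(cp, 7); } catch (IllegalArgumentException ex) { System.out.println("checked: " + ex.getMessage()); }
    }
}
```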


More information about the core-libs-dev mailing list