RFR: 8333812: ClassFile.verify() can throw exceptions instead of returning VerifyErrors
Chen Liang
liach at openjdk.org
Thu Jul 18 22:00:31 UTC 2024
On Thu, 18 Jul 2024 16:29:17 GMT, Chen Liang <liach at openjdk.org> wrote:
>> `ClassFile.verify()` should always return list of verification errors and never throw an exception, even for corrupted classes.
>> `BoundAttribute` initializations of `LocalVariableTable` and `LocalVariableTypeTable` attributes do not expect invalid possible locations and cause `ClassCastException`.
>>
>> This patch fixes `BoundAttribute` to throw `IllegalArgumentException` for invalid `LocalVariableTable` and `LocalVariableTypeTable` attributes locations. And makes `VerifierImpl` a bit more resilient to exceptions thrown from the verifier initialization.
>>
>> Relevant test is added.
>>
>> Please review.
>>
>> Thanks,
>> Adam
>
> src/java.base/share/classes/jdk/internal/classfile/impl/verifier/VerifierImpl.java line 117:
>
>> 115:
>> 116: public static List<VerifyError> verify(ClassModel classModel, ClassHierarchyResolver classHierarchyResolver, Consumer<String> logger) {
>> 117: String clsName = classModel.thisClass().asInternalName();
>
> This can still throw `ConstantPoolException` if this_class points to a non-Class entry. This entry is lazily read by `ClassReader`, so you can create a `ClassModel` for such a bad class.
Alternatively, a malformed Class constant can point to a non-utf8, so the `asInternalName` can fail too.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20241#discussion_r1683550724
More information about the core-libs-dev
mailing list