RFR: 8365203: defineClass with direct buffer can cause use-after-free
Per Minborg
pminborg at openjdk.org
Mon Aug 11 12:41:27 UTC 2025
### Description
This PR proposes to update the `ClassLoader` implementation to properly guard access to the provided `ByteBuffer` when defining a class using `defineClass(String, ByteBuffer, ...)`. Specifically, calls to `SharedSecrets.getJavaNioAccess().acquireSession(ByteBuffer)` and `releaseSession(ByteBuffer)` have been introduced to ensure safe and consistent buffer access throughout the native class definition process, even in the case where a `ByteBuffer` is backed by a `MemorySegment`.
### Impact
This modification is internal to the `ClassLoader` implementation and does not affect the public API.
Improves the robustness and security of class loading from buffers.
### Testing
Tier 1, 2, and 3 JDK tests pass on multiple platforms.
-------------
Commit messages:
- Add test
- Update copyright year
- Guard ClassLoader::defineClass2
Changes: https://git.openjdk.org/jdk/pull/26724/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26724&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8365203
Stats: 88 lines in 2 files changed: 84 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk/pull/26724.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26724/head:pull/26724
PR: https://git.openjdk.org/jdk/pull/26724
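
The buffer lifetime issue described above, seen from the caller's side, as an added example that is not code from this PR or from the JDK: a loader that copies a segment-backed `ByteBuffer` to the heap through a liveness-checked read before defining the class. `HeapCopyLoaderDemo`, `HeapCopyLoader` and `defineFrom` are hypothetical names; it assumes JDK 22 or later and that the file is compiled with `javac` in the unnamed package.

```java
import java.io.InputStream;
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.nio.ByteBuffer;

public class HeapCopyLoaderDemo {

    /** Hypothetical loader that never hands a caller-owned buffer to native code. */
    static final class HeapCopyLoader extends ClassLoader {
        Class<?> defineFrom(String name, ByteBuffer src) {
            // A bulk get() on a segment-backed buffer checks that the arena is
            // still open: it either copies valid bytes or throws
            // IllegalStateException, and never reads freed memory.
            byte[] heap = new byte[src.remaining()];
            src.duplicate().get(heap);
            // The byte[] overload only sees GC-managed memory.
            return defineClass(name, heap, 0, heap.length);
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample input: this class's own bytes, read from the class path.
        byte[] classBytes;
        try (InputStream in = HeapCopyLoaderDemo.class
                .getResourceAsStream("HeapCopyLoaderDemo.class")) {
            classBytes = in.readAllBytes();
        }

        Arena arena = Arena.ofShared();   // closable from any thread
        MemorySegment seg = arena.allocate(classBytes.length);
        seg.copyFrom(MemorySegment.ofArray(classBytes));
        ByteBuffer buf = seg.asByteBuffer();

        Class<?> c = new HeapCopyLoader().defineFrom("HeapCopyLoaderDemo", buf);
        System.out.println("defined " + c.getName() + " in " + c.getClassLoader());

        arena.close();                    // backing memory is released here
        try {
            new HeapCopyLoader().defineFrom("HeapCopyLoaderDemo", buf);
        } catch (IllegalStateException e) {
            // The copy is refused instead of reading released memory.
            System.out.println("rejected after close: " + e.getMessage());
        }
    }
}
```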