RFR: 8328874: Class::forName0 should validate the class name length early

Alan Bateman alanb at openjdk.org
Fri Aug 15 15:38:09 UTC 2025


On Fri, 15 Aug 2025 15:19:35 GMT, Guanqiang Han <ghan at openjdk.org> wrote:

> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.

src/java.base/share/native/libjava/Class.c line 119:

> 117:         JNU_ThrowClassNotFoundException(env, msg);
> 118:         return 0;
> 119:     }

I wonder if it's time to hoist these checks so that the checking is in a more discoverable place.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2279296271

