RFR: 8328874: Class::forName0 should validate the class name length early
Chen Liang
liach at openjdk.org
Fri Aug 15 15:47:09 UTC 2025
On Fri, 15 Aug 2025 15:19:35 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
We currently have a trend of moving argument validations and checks to pure Java code, to minimize downcall into the VM (whose code cannot be optimized by compilers). Even if we keep checks in the VM, I guess jvm.cpp might be a better place than Class.c.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26802#issuecomment-3191926599
More information about the core-libs-dev
mailing list