RFR: 8328874: Class::forName0 should validate the class name length early [v2]
Guanqiang Han
ghan at openjdk.org
Tue Aug 19 12:54:22 UTC 2025
> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
Guanqiang Han has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
- move check into java side
- Merge remote-tracking branch 'upstream/master' into 8328874
- 8328874: Class::forName0 should validate the class name length early
Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/26802/files
- new: https://git.openjdk.org/jdk/pull/26802/files/95db25db..79fe33eb
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=26802&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=26802&range=00-01
Stats: 5617 lines in 166 files changed: 4373 ins; 620 del; 624 mod
Patch: https://git.openjdk.org/jdk/pull/26802.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26802/head:pull/26802
PR: https://git.openjdk.org/jdk/pull/26802
More information about the core-libs-dev
mailing list