RFR: 8328874: Class::forName0 should validate the class name length early

Guanqiang Han ghan at openjdk.org
Tue Aug 19 15:28:39 UTC 2025


On Fri, 15 Aug 2025 15:44:36 GMT, Chen Liang <liach at openjdk.org> wrote:

>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> We currently have a trend of moving argument validations and checks to pure Java code, to minimize downcall into the VM (whose code cannot be optimized by compilers). Even if we keep checks in the VM, I guess jvm.cpp might be a better place than Class.c.

@liach @dholmes-ora Thank you both for the detailed feedback and explanation.
I've moved the check to the Java side. Please have a look when you get a chance.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26802#issuecomment-3201215930
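
Added example, not part of the original message and not the code from the JDK pull request: a sketch of a Java-side class name length check of the kind discussed above, done before any call into the VM. The class and method names are hypothetical, and the 65535-byte limit is an assumption taken from the class-file format's CONSTANT_Utf8 length field, since the message does not state the value.

```java
public final class ClassNameLengthCheck {
    // Assumption: limit is the u2 length field of a CONSTANT_Utf8 class-file entry.
    static final int MAX_NAME_BYTES = 65535;

    // Length of s in the JVM's modified UTF-8 encoding, computed without
    // allocating the encoded bytes. U+0000 takes 2 bytes and each half of a
    // surrogate pair takes 3 bytes, so counting per char is exact.
    static long modifiedUtf8Length(String s) {
        long len = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) {
                len += 1;
            } else if (c <= 0x07FF) {
                len += 2;
            } else {
                len += 3;
            }
        }
        return len;
    }

    // Every char encodes to at least one byte, so the char count is a cheap
    // first test; the encoded length catches shorter non-ASCII names.
    static boolean tooLong(String name) {
        return name.length() > MAX_NAME_BYTES
                || modifiedUtf8Length(name) > MAX_NAME_BYTES;
    }

    // Hypothetical wrapper: reject before the lookup reaches native code.
    // The name is left out of the message so an oversized input is not
    // copied into logs and stack traces.
    static Class<?> forNameChecked(String name) throws ClassNotFoundException {
        if (tooLong(name)) {
            throw new ClassNotFoundException("Class name exceeds maximum length");
        }
        return Class.forName(name);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample names.
        System.out.println(forNameChecked("java.lang.String")); // class java.lang.String
        System.out.println(tooLong("a".repeat(65535)));          // false: exactly at the limit
        System.out.println(tooLong("a".repeat(65536)));          // true: one byte over
        System.out.println(tooLong("\u00e9".repeat(40000)));     // true: 40000 chars, 80000 bytes
    }
}
```

The last case is the one a plain `name.length()` comparison misses: the string is well under 65535 chars but exceeds the limit once encoded.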


More information about the core-libs-dev mailing list