RFR: 8328874: Class::forName0 should validate the class name length early [v4]
John R Rose
jrose at openjdk.org
Tue Aug 19 16:24:37 UTC 2025
On Tue, 19 Aug 2025 15:20:52 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>
> Update Class.java
>
> correct length of class name
Surely that loop already exists, and even if it does not, it should live in a place where it is more widely useful and easier to optimize.
(Widely useful? Yes, because asking the length of a string in modified-utf8, and checking whether it fits inside the constant pool limit, is not just for `Class::forName`.)
(Easier to optimize? If we have the loop in a common place, maintainers will probably ensure that it has the right performance characteristics. A one-off loop is less likely to attract improvements in the future.)
A quick search reveals a new friend, `jdk.internal.util.ModifiedUtf::utfLen`. It seems to me you should use that rather than writing your own loop. Look at other code (under `java.*` packages) that uses it for a model. You can pass zero for the funny extra parameter.
Perhaps not for this PR, we might add a method somewhere (requires discussion) that calls `jdk.internal.util.ModifiedUtf::utfLen` and also the prefix-searcher (non-zero-ascii only?). But if we just have a hand-rolled one-off loop, it is much harder to make such improvements. If we use API points instead of manual loops, it's much easier for maintainers to make improvements.
Also, speaking of improvements, if such a method is framed as a constant pool validity check (`isValidConstantPoolString`) then an O(1) check is possible: Just ask if the string's body is less than (1<<16)/2 for ASCII-only strings, and less than (1<<16)/3 for other strings, and there's no need to search the string body. But this only works for an API point that "knows" what the maximum size is ahead of time. The classfile spinner logic could use this, not just for class names, but for all `CONSTANT_Utf8` entries in the CP. That work would NOT be for this PR, but rather for the authors of the classfile API to think about.
(Chen beat me to the discovery!)
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26802#issuecomment-3201402304
PR Comment: https://git.openjdk.org/jdk/pull/26802#issuecomment-3201404019
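An added example, not code from the PR, from the JDK, or from the message above, of the two checks the reply discusses: an exact modified-UTF-8 length count (a stand-in written here for illustration, not `jdk.internal.util.ModifiedUtf::utfLen` itself) and the O(1) sufficient-condition check framed as `isValidConstantPoolString`. The class name `CpUtf8Check`, the helper `surelyFits`, and the sample strings are assumptions constructed for this example; the 65535-byte limit is the u2 `length` field of `CONSTANT_Utf8_info` in JVMS §4.4.7, and `DataOutputStream.writeUTF` is used only as an independent cross-check because it emits modified UTF-8 and rejects bodies over that limit.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;

// Added example (not PR or JDK code): exact modified-UTF-8 length plus the
// O(1) "surely fits" fast path for constant-pool Utf8 entries.
public final class CpUtf8Check {

    // JVMS 4.4.7: the length of CONSTANT_Utf8_info is a u2, so 65535 bytes max.
    static final int MAX_CP_UTF8_BYTES = 0xFFFF;

    // Exact modified-UTF-8 length. Unlike standard UTF-8, U+0000 takes two
    // bytes and each UTF-16 surrogate is encoded on its own as three bytes.
    // Illustrative stand-in for jdk.internal.util.ModifiedUtf.utfLen.
    static int utfLen(String s) {
        int len = s.length();                // every char costs at least 1 byte
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == 0 || c >= 0x80) {       // NUL and U+0080..U+07FF: 2 bytes
                len += (c >= 0x800) ? 2 : 1; // U+0800..U+FFFF: 3 bytes
            }
        }
        return len;
    }

    // O(1) sufficient condition: worst case is 2 bytes per char for ASCII-only
    // text (NUL counts as 2) and 3 bytes per char otherwise, so a string short
    // enough under that bound fits without scanning its body.
    static boolean surelyFits(int charCount, boolean asciiOnly) {
        return charCount <= MAX_CP_UTF8_BYTES / (asciiOnly ? 2 : 3);
    }

    // Full validity check: fast path first, exact count only for long inputs.
    static boolean isValidConstantPoolString(String s) {
        if (surelyFits(s.length(), false)) return true;
        return utfLen(s) <= MAX_CP_UTF8_BYTES;
    }

    // Cross-check against DataOutputStream.writeUTF, which writes modified
    // UTF-8 behind a 2-byte length and throws UTFDataFormatException above 65535.
    static int writeUtfLen(String s) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bytes)) {
            out.writeUTF(s);
        }
        return bytes.size() - 2;
    }

    public static void main(String[] args) {
        // Constructed samples: a normal binary name, NUL, multi-byte chars, a
        // surrogate pair, an over-long ASCII name, and a name that passes the
        // char-count test but exceeds the byte limit once encoded.
        String[] samples = {
            "java/lang/String",
            "a\u0000b",                       // NUL is 2 bytes in modified UTF-8
            "\u00e9\u4e2d\uD83D\uDE00",       // 2 + 3 + 3 + 3 = 11 bytes
            "x".repeat(70_000),               // 70000 bytes: rejected
            "\u4e2d".repeat(21_846),          // 65538 bytes: fails exact check
        };
        for (String s : samples) {
            String cross;
            try {
                cross = String.valueOf(writeUtfLen(s));
            } catch (IOException e) {         // UTFDataFormatException when > 65535
                cross = e.getClass().getSimpleName();
            }
            System.out.printf("chars=%6d utfLen=%6d fastPath=%-5b valid=%-5b writeUTF=%s%n",
                    s.length(), utfLen(s), surelyFits(s.length(), false),
                    isValidConstantPoolString(s), cross);
        }
    }
}
```

The fast path only ever answers "yes"; any string that is not short enough under the worst-case bytes-per-char bound falls through to the exact scan, so the O(1) check can never admit an entry the encoder would reject.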