RFR: 8328874: Class::forName0 should validate the class name length early [v4]
David Holmes
dholmes at openjdk.org
Tue Aug 19 22:53:36 UTC 2025
On Tue, 19 Aug 2025 15:20:52 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>
> Update Class.java
>
> correct length of class name
It is up to core-libs folk but to me that seems far too heavyweight to have on the Java side, and we are then going to repeat some of it in the C code.
-------------
PR Review: https://git.openjdk.org/jdk/pull/26802#pullrequestreview-3134128473
More information about the core-libs-dev
mailing list