RFR: 8328874: Class::forName0 should validate the class name length early [v4]

Roger Riggs rriggs at openjdk.org
Tue Aug 19 23:40:37 UTC 2025


On Tue, 19 Aug 2025 15:20:52 GMT, Guanqiang Han <ghan at openjdk.org> wrote:

>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update Class.java
>   
>   correct length of class name

src/java.base/share/classes/java/lang/Class.java line 4160:

> 4158:     private static boolean classNameLengthIsValid(String name) {
> 4159:         Objects.requireNonNull(name);
> 4160:         return getUtf8Length(name) <= JAVA_CLASSNAME_MAX_LEN;

An exact UTF-8 length is not needed to know that the length is valid.
The worst case expansion is *4 for an encoding of a pair of surrogate chars.
A quick approximation would be: `name.length() <= JAVA_CLASSNAME_MAX_LEN / 4`.
Most class names are much shorter and almost never need to compute the exact UTF-8 length.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2286624874
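
The fast-path check suggested in the review comment above, written out as an added example (not code from the PR or from OpenJDK). `modifiedUtf8Length` is a hypothetical helper standing in for the PR's `getUtf8Length`, and the value of `JAVA_CLASSNAME_MAX_LEN` is an assumption, since the page does not state it.

```java
import java.util.Objects;

public class ClassNameLengthCheck {
    // Assumed value: the u2 length limit of a CONSTANT_Utf8 class-file entry.
    static final int JAVA_CLASSNAME_MAX_LEN = 65535;

    // Exact length in modified UTF-8, the encoding JNI's GetStringUTFLength measures.
    // Hypothetical helper; the PR's own getUtf8Length is not shown on the page.
    static long modifiedUtf8Length(String s) {
        long bytes = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) {
                bytes += 1;
            } else if (c <= 0x07FF) {
                bytes += 2;          // also covers U+0000, which takes two bytes
            } else {
                bytes += 3;          // also covers each half of a surrogate pair
            }
        }
        return bytes;
    }

    static boolean classNameLengthIsValid(String name) {
        Objects.requireNonNull(name);
        int chars = name.length();
        // Fast accept: the conservative bound from the review comment.
        // No char needs more than 3 bytes, so chars * 4 can never under-estimate.
        if (chars <= JAVA_CLASSNAME_MAX_LEN / 4) return true;
        // Fast reject: every char encodes to at least one byte.
        if (chars > JAVA_CLASSNAME_MAX_LEN) return false;
        // Only names between the two bounds pay for the exact scan.
        return modifiedUtf8Length(name) <= JAVA_CLASSNAME_MAX_LEN;
    }

    public static void main(String[] args) {
        // Constructed inputs covering the fast path and both sides of the limit.
        System.out.println(classNameLengthIsValid("java.lang.String"));       // fast accept
        System.out.println(classNameLengthIsValid("a".repeat(65535)));        // exactly at the limit
        System.out.println(classNameLengthIsValid("a".repeat(65536)));        // fast reject
        System.out.println(classNameLengthIsValid("\u00e9".repeat(32767)));   // 65534 bytes
        System.out.println(classNameLengthIsValid("\u00e9".repeat(32768)));   // 65536 bytes
        System.out.println(classNameLengthIsValid("\u4e2d".repeat(21845)));   // 65535 bytes
        System.out.println(classNameLengthIsValid("\u4e2d".repeat(21846)));   // 65538 bytes
    }
}
```

The fast reject keeps the cost bounded for hostile input: a name longer than the limit in chars is refused without being scanned, and the exact scan never touches more than `JAVA_CLASSNAME_MAX_LEN` chars.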

