RFR: 8328874: Class::forName0 should validate the class name length early [v5]
ExE Boss
duke at openjdk.org
Wed Aug 20 21:37:37 UTC 2025
On Wed, 20 Aug 2025 01:30:27 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>
> Update Class.java
>
> updates the class name length validation logic on the Java side
src/java.base/share/classes/java/lang/Class.java line 4160:
> 4158: // Checks whether the class name exceeds the maximum allowed length.
> 4159: private static boolean classNameLengthIsValid(String name) {
> 4160: Objects.requireNonNull(name);
This is not needed as the `name.length()` call already performs an implicit `null` check.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2289354748
More information about the core-libs-dev
mailing list