Integrated: 8365203: defineClass with direct buffer can cause use-after-free
Per Minborg
pminborg at openjdk.org
Wed Aug 27 09:43:52 UTC 2025
On Mon, 11 Aug 2025 11:33:19 GMT, Per Minborg <pminborg at openjdk.org> wrote:
> ### Description
> This PR proposes to update the `ClassLoader` implementation to properly guard access to the provided `ByteBuffer` when defining a class using `defineClass(String, ByteBuffer, ...)`. Specifically, calls to `SharedSecrets.getJavaNioAccess().acquireSession(ByteBuffer)` and `releaseSession(ByteBuffer)` have been introduced to ensure safe and consistent buffer access throughout the native class definition process, even in the case of a `ByteBuffer` is backed by a `MemorySegment`.
>
> ### Impact
> This modification is internal to the `ClassLoader` implementation and does not affect the public API.
> Improves the robustness and security of class loading from buffers.
>
> ### Testing
> Tier 1, 2, and 3 JDK tests pass on multiple platforms.
This pull request has now been integrated.
Changeset: 19f0755c
Author: Per Minborg <pminborg at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/19f0755c48e998b5b136ca58ea21eb3b54bc7b33
Stats: 92 lines in 2 files changed: 88 ins; 0 del; 4 mod
8365203: defineClass with direct buffer can cause use-after-free
Reviewed-by: jpai
-------------
PR: https://git.openjdk.org/jdk/pull/26724
More information about the core-libs-dev
mailing list