RFR: 8328874: Class::forName0 should validate the class name length early [v8]
Roger Riggs
rriggs at openjdk.org
Wed Aug 27 17:58:44 UTC 2025
On Sat, 23 Aug 2025 04:07:08 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>
> change copyright year
Changes requested by rriggs (Reviewer).
src/java.base/share/classes/java/lang/Class.java line 95:
> 93: import sun.reflect.annotation.*;
> 94:
> 95: import static jdk.internal.util.ModifiedUtf.utfLen;
Do not use static imports across package boundaries; it makes the code harder to read and to know where that method came from.
-------------
PR Review: https://git.openjdk.org/jdk/pull/26802#pullrequestreview-3161118594
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2304880163