RFR: 8328874: Class::forName0 should validate the class name length early [v9]
Jason Mehrens
duke at openjdk.org
Thu Aug 28 02:16:49 UTC 2025
On Thu, 28 Aug 2025 00:39:54 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>
> Update Class.java
>
> Use ModifiedUtf.utfLen instead of static import for readability
src/java.base/share/classes/java/lang/Class.java line 4163:
> 4161: // Quick approximation: each char can be at most 3 bytes in Modified UTF-8.
> 4162: // If the string is short enough, it definitely fits.
> 4163: if (name.length() * 3 <= JAVA_CLASSNAME_MAX_LEN) {
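Review bot: At line 4163, name.length() * 3 is computed in 32-bit int arithmetic, so for a name longer than Integer.MAX_VALUE / 3 chars the product wraps around and can come out negative or small, letting the fast path accept a string that is far too long. Moving the factor to the constant side, as in name.length() <= JAVA_CLASSNAME_MAX_LEN / 3, or widening first with (long) name.length() * 3, keeps the quick approximation without the wrap.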
Won't this incorrectly return true on overflow?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2305956047
More information about the core-libs-dev mailing list