RFR: 8328874: Class::forName0 should validate the class name length early [v9]
Guanqiang Han
ghan at openjdk.org
Thu Aug 28 04:06:44 UTC 2025
On Thu, 28 Aug 2025 02:13:52 GMT, Jason Mehrens <duke at openjdk.org> wrote:
>> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update Class.java
>>
>> Use ModifiedUtf.utfLen instead of static import for readability
>
> src/java.base/share/classes/java/lang/Class.java line 4163:
>
>> 4161: // Quick approximation: each char can be at most 3 bytes in Modified UTF-8.
>> 4162: // If the string is short enough, it definitely fits.
>> 4163: if (name.length() * 3 <= JAVA_CLASSNAME_MAX_LEN) {
>
> Won't this incorrectly return true on overflow?
hi @jmehrens @ExE-Boss , thanks a lot! I also noticed that ModifiedUtf.utfLen may overflow for very long string, so I’ve added protection to handle this safely. Please have another look.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2306108811
More information about the core-libs-dev
mailing list