RFR: 8361614: Missing sub-int value validation in the Class-File API [v5]
Chen Liang
liach at openjdk.org
Thu Aug 28 23:29:58 UTC 2025
> In the `class` file format, a lot of the values are `u1` or `u2`; the Class-File API consistently model them with `int`. However, the API does not, in general, validate that int values passed to the factory methods are not out of the bounds as defined in the class file format. This patch proposes to add such validation for factory methods accepting such more narrow data, prepared by examining all `int`-accepting methods in the Class-File API.
>
> I expect this to have a small compatibility impact - besides the -1 for the minor version, there is no other places where most significant bits are ever meaningful, and I special cased it and consistently fail fast for all other OOB values, which always mean programmer errors.
>
> A CSR will be created soon as well.
Chen Liang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
- New u2 central info stage
- Merge branch 'master' of https://github.com/openjdk/jdk into fix/cf-u2-validation
- Package-level information
- Merge branch 'master' of https://github.com/openjdk/jdk into fix/cf-u2-validation
- Fix style
- 8361614: Missing sub-int value validation in the Class-File API
-------------
Changes: https://git.openjdk.org/jdk/pull/26201/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26201&range=04
Stats: 693 lines in 43 files changed: 502 ins; 58 del; 133 mod
Patch: https://git.openjdk.org/jdk/pull/26201.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26201/head:pull/26201
PR: https://git.openjdk.org/jdk/pull/26201
More information about the core-libs-dev
mailing list