RFR: 8328874: Class::forName0 should validate the class name length early [v10]
David Holmes
dholmes at openjdk.org
Fri Aug 29 05:55:43 UTC 2025
On Thu, 28 Aug 2025 15:32:58 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/Class.java line 4170:
>>
>>> 4168: // The check utfLen >= nameLen ensures we don't incorrectly return true in case of int overflow.
>>> 4169: int utfLen = ModifiedUtf.utfLen(name, 0);
>>> 4170: return utfLen <= JAVA_CLASSNAME_MAX_LEN && utfLen >= nameLen;
>>
>> A typical overflow-conscious idiom is to subtract the unknown value from the known positive number and compare with 0.
>> Suggestion:
>>
>> int utfLen = ModifiedUtf.utfLen(name, 0);
>> return JAVA_CLASSNAME_MAX_LEN - utfLen >= 0;
>
> @RogerRiggs Good catch! Fixed.
That doesn't seem right to me. If we massively overflow to get a value > -JAVA_CLASSNAME_MAX_LEN but < 0 then the subtraction becomes addition and we get a small positive value.
Really ModifiedUtf.utfLen should be defined to return long so the caller can more easily deal with overflow. Giant strings are a PITA.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2309215932
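The overflow failure mode discussed above, as an added example that is not part of the thread or of the JDK sources. The class name `ClassNameLengthCheck`, the helper names, and the value 65535 for `JAVA_CLASSNAME_MAX_LEN` (the thread does not state it; 65535 is the u2 length limit of a CONSTANT_Utf8 entry) are assumptions. `modifiedUtfLen` is a stand-alone implementation of the Modified UTF-8 length rule returning long, not the real `ModifiedUtf.utfLen`, and `wrappedIntLen` reproduces what an int-returning length would report for a multi-gigabyte name without allocating one.

```java
import java.nio.charset.StandardCharsets;

// Added example, not JDK code. Class name, constant value and helper names are assumptions
// chosen to mirror the thread; the real check lives in java.lang.Class and calls
// jdk.internal.util.ModifiedUtf.utfLen, which is not reproduced here.
public final class ClassNameLengthCheck {

    // Assumed limit: the u2 length field of a CONSTANT_Utf8 entry caps a name at 65535 bytes.
    static final int JAVA_CLASSNAME_MAX_LEN = 65535;

    // Modified UTF-8 length of a string, returned as long so it cannot wrap:
    // U+0001..U+007F take 1 byte; U+0000 and U+0080..U+07FF take 2; everything else
    // (including each half of a surrogate pair) takes 3.
    static long modifiedUtfLen(CharSequence s) {
        long n = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) {
                n += 1;
            } else if (c <= 0x07FF) {
                n += 2;
            } else {
                n += 3;
            }
        }
        return n;
    }

    // What an int-returning utfLen would report for a name of `count` chars that each
    // encode to `bytesPerChar` bytes: the true length reduced modulo 2^32. This lets the
    // example reason about a ~2.4 GB name without allocating it.
    static int wrappedIntLen(int count, int bytesPerChar) {
        return (int) ((long) count * bytesPerChar);
    }

    // The idiom suggested in review: subtract from the known bound, compare with 0.
    // If utfLen wrapped negative, the subtraction turns into an addition and the
    // result is positive, so an over-long name is accepted.
    static boolean acceptsBySubtraction(int utfLen) {
        return JAVA_CLASSNAME_MAX_LEN - utfLen >= 0;
    }

    // The idiom the PR had before that suggestion. Each char contributes between one
    // and three bytes, so a length that wrapped past 2^32 always lands below nameLen
    // (either negative, or positive but smaller than nameLen) and fails utfLen >= nameLen.
    static boolean acceptsWithLowerBound(int utfLen, int nameLen) {
        return utfLen <= JAVA_CLASSNAME_MAX_LEN && utfLen >= nameLen;
    }

    // With a long length there is nothing to wrap and the comparison is direct.
    static boolean acceptsLong(long utfLen) {
        return utfLen <= JAVA_CLASSNAME_MAX_LEN;
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary class name and a short name of 3-byte chars.
        String ordinary = "java.lang.String";
        String cjk = "\u4e2d\u6587";
        System.out.println(ordinary + " -> " + modifiedUtfLen(ordinary) + " bytes, accepted="
                + acceptsLong(modifiedUtfLen(ordinary)));
        System.out.println("two CJK chars -> " + modifiedUtfLen(cjk) + " bytes (standard UTF-8: "
                + cjk.getBytes(StandardCharsets.UTF_8).length + ")");

        // A name of 800_000_000 three-byte chars has a true length of 2_400_000_000 bytes,
        // which does not fit in an int and wraps to a negative value.
        int nameLen = 800_000_000;
        int wrapped = wrappedIntLen(nameLen, 3);
        long exact = 3L * nameLen;
        System.out.println("wrapped int length: " + wrapped + ", exact long length: " + exact);
        System.out.println("MAX - utfLen >= 0 accepts: " + acceptsBySubtraction(wrapped));
        System.out.println("utfLen <= MAX && utfLen >= nameLen accepts: "
                + acceptsWithLowerBound(wrapped, nameLen));
        System.out.println("long comparison accepts: " + acceptsLong(exact));
    }
}
```

For the 800,000,000-char name the int length is 2,400,000,000 - 2^32 = -1,894,967,296, so `65535 - utfLen` evaluates to 1,895,032,831 and the subtraction idiom accepts the name; the `utfLen >= nameLen` guard rejects it, as does the long comparison. Note also that `JAVA_CLASSNAME_MAX_LEN - utfLen` can itself overflow when utfLen is close to `Integer.MIN_VALUE`, so that expression is not even monotonic in utfLen, which is the underlying reason a long-returning length is the cleaner fix.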
More information about the core-libs-dev mailing list