Integrated: 8361614: Missing sub-int value validation in the Class-File API

[Chen Liang]

On Tue, 8 Jul 2025 20:20:17 GMT, Chen Liang <liach at openjdk.org> wrote:

> In the `class` file format, a lot of the values are `u1` or `u2`; the Class-File API consistently model them with `int`. However, the API does not, in general, validate that int values passed to the factory methods are not out of the bounds as defined in the class file format. This patch proposes to add such validation for factory methods accepting such more narrow data, prepared by examining all `int`-accepting methods in the Class-File API.
> 
> I expect this to have a small compatibility impact - besides the -1 for the minor version, there is no other places where most significant bits are ever meaningful, and I special cased it and consistently fail fast for all other OOB values, which always mean programmer errors.
> 
> A CSR will be created soon as well.

This pull request has now been integrated.

Changeset: ae960772
Author:    Chen Liang <liach at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/ae9607725c8c6a1b2f2728dbb5f7993722497da7
Stats:     694 lines in 43 files changed: 503 ins; 58 del; 133 mod

8361614: Missing sub-int value validation in the Class-File API

Reviewed-by: asotona

-------------

PR: https://git.openjdk.org/jdk/pull/26201