RFR: 8361635: Missing List length validation in the Class-File API [v2]
Chen Liang
liach at openjdk.org
Fri Aug 29 14:57:01 UTC 2025
On Sun, 13 Jul 2025 23:58:38 GMT, Chen Liang <liach at openjdk.org> wrote:
>> The `class` file format often only stores lists up to 65535 in size because size is encoded as a u2. Currently, we truncate the list size and write all contents, creating malformed `class` files. Almost all scenarios where such oversized lists are created can be considered an error; we should eagerly reject lists that would never be encodable in the `class` file format when users construct model objects.
>
> Chen Liang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains eight commits:
>
> - Merge branch 'fix/cf-u2-validation' into fix/cf-list-sizes
> - Specify the list IAEs individually with clear size values
> - Spec updates
> - Years
> - Rollback redundant label change
> - Add more pseudo checks, also tests
> - Few more places
> - Sanitize u2 lists wip
I have updated this patch to be against mainline. The bot has a bit of latency that it still has a bunch of warnings, but there is no merge conflicts.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26252#issuecomment-3237326973
More information about the core-libs-dev
mailing list