RFR: 8361635: Missing List length validation in the Class-File API
Chen Liang
liach at openjdk.org
Thu Jul 10 21:30:53 UTC 2025
The `class` file format often only stores lists up to 65535 in size because size is encoded as a u2. Currently, we truncate the list size and write all contents, creating malformed `class` files. Almost all scenarios where such oversized lists are created can be considered an error; we should eagerly reject lists that would never be encodable in the `class` file format when users construct model objects.
-------------
Depends on: https://git.openjdk.org/jdk/pull/26201
Commit messages:
- Specify the list IAEs individually with clear size values
- Spec updates
- Years
- Rollback redundant label change
- Add more pseudo checks, also tests
- Few more places
- Sanitize u2 lists wip
Changes: https://git.openjdk.org/jdk/pull/26252/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26252&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8361635
Stats: 811 lines in 46 files changed: 704 ins; 20 del; 87 mod
Patch: https://git.openjdk.org/jdk/pull/26252.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26252/head:pull/26252
PR: https://git.openjdk.org/jdk/pull/26252
More information about the core-libs-dev
mailing list