RFR: 8361635: Missing List length validation in the Class-File API
Adam Sotona
asotona at openjdk.org
Fri Jul 11 14:30:48 UTC 2025
On Fri, 11 Jul 2025 14:25:40 GMT, Chen Liang <liach at openjdk.org> wrote:
>> The `class` file format often only stores lists up to 65535 in size because size is encoded as a u2. Currently, we truncate the list size and write all contents, creating malformed `class` files. Almost all scenarios where such oversized lists are created can be considered an error; we should eagerly reject lists that would never be encodable in the `class` file format when users construct model objects.
>
> src/java.base/share/classes/java/lang/classfile/attribute/ModuleAttribute.java line 174:
>
>> 172: * @param provides the provided services
>> 173: * @throws IllegalArgumentException if {@code moduleFlags} is not in the
>> 174: * range {@code [0, 65535]}, or any of the collections have more than
>
> Should I say `any of the {@code Collection} arguments` instead? The uses, services, provides, etc. are passed as `Collection` to this factory.
I'm sorry, I take it back. It is OK.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26252#discussion_r2200879729
More information about the core-libs-dev
mailing list