RFR: 8361635: Missing List length validation in the Class-File API
Adam Sotona
asotona at openjdk.org
Fri Jul 11 14:40:43 UTC 2025
On Thu, 10 Jul 2025 21:01:18 GMT, Chen Liang <liach at openjdk.org> wrote:
> The `class` file format often only stores lists up to 65535 in size because size is encoded as a u2. Currently, we truncate the list size and write all contents, creating malformed `class` files. Almost all scenarios where such oversized lists are created can be considered an error; we should eagerly reject lists that would never be encodable in the `class` file format when users construct model objects.
Great job for mitigating accidental building of invalid class files!
-------------
Marked as reviewed by asotona (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/26252#pullrequestreview-3010572554
More information about the core-libs-dev
mailing list