RFR: 8361635: Missing List length validation in the Class-File API [v2]
Chen Liang
liach at openjdk.org
Sun Jul 13 23:58:38 UTC 2025
> The `class` file format often only stores lists up to 65535 in size because size is encoded as a u2. Currently, we truncate the list size and write all contents, creating malformed `class` files. Almost all scenarios where such oversized lists are created can be considered an error; we should eagerly reject lists that would never be encodable in the `class` file format when users construct model objects.
Chen Liang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
- Merge branch 'fix/cf-u2-validation' into fix/cf-list-sizes
- Specify the list IAEs individually with clear size values
- Spec updates
- Years
- Rollback redundant label change
- Add more pseudo checks, also tests
- Few more places
- Sanitize u2 lists wip
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/26252/files
- new: https://git.openjdk.org/jdk/pull/26252/files/4ab67b40..8b393932
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=26252&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=26252&range=00-01
Stats: 10159 lines in 332 files changed: 5203 ins; 1939 del; 3017 mod
Patch: https://git.openjdk.org/jdk/pull/26252.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26252/head:pull/26252
PR: https://git.openjdk.org/jdk/pull/26252
More information about the core-libs-dev
mailing list