RFR: 8328874: Class::forName0 should validate the class name length early [v13]
Guanqiang Han
ghan at openjdk.org
Thu Sep 4 13:22:08 UTC 2025
> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
Guanqiang Han has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:
- move common method into a common file.
- Merge remote-tracking branch 'upstream/master' into 8328874
- Update Class.java
change overflow check
- Update Class.java
Simplify length check
- Update Class.java
avoid the case of int overflow
- Update Class.java
Use ModifiedUtf.utfLen instead of static import for readability
- change copyright year
- a small fix
- add regression test
- Merge remote-tracking branch 'upstream/master' into 8328874
- ... and 6 more: https://git.openjdk.org/jdk/compare/a30799ba...edc1694d
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/26802/files
- new: https://git.openjdk.org/jdk/pull/26802/files/9c580f0d..edc1694d
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=26802&range=12
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=26802&range=11-12
Stats: 22075 lines in 1027 files changed: 15508 ins; 3161 del; 3406 mod
Patch: https://git.openjdk.org/jdk/pull/26802.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26802/head:pull/26802
PR: https://git.openjdk.org/jdk/pull/26802
More information about the core-libs-dev
mailing list