RFR: 8328874: Class::forName0 should validate the class name length early [v13]
Guanqiang Han
ghan at openjdk.org
Thu Sep 4 15:57:48 UTC 2025
On Thu, 4 Sep 2025 14:42:33 GMT, Chen Liang <liach at openjdk.org> wrote:
>> Guanqiang Han has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:
>>
>> - move common method into a common file.
>> - Merge remote-tracking branch 'upstream/master' into 8328874
>> - Update Class.java
>>
>> change overflow check
>> - Update Class.java
>>
>> Simplify length check
>> - Update Class.java
>>
>> avoid the case of int overflow
>> - Update Class.java
>>
>> Use ModifiedUtf.utfLen instead of static import for readability
>> - change copyright year
>> - a small fix
>> - add regression test
>> - Merge remote-tracking branch 'upstream/master' into 8328874
>> - ... and 6 more: https://git.openjdk.org/jdk/compare/ddf5e10b...edc1694d
>
> src/java.base/share/classes/jdk/internal/util/ModifiedUtf.java line 80:
>
>> 78: */
>> 79: @ForceInline
>> 80: public static boolean classNameLengthIsValid(String name) {
>
> This can be reused by `DataOutput` too, so maybe just `isEncodable`
@liach This only checks the encoded length rather than full encodability — would a name like isValidLen be more accurate?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2322650439
More information about the core-libs-dev
mailing list