RFR: 8328874: Class::forName0 should validate the class name length early [v13]
Guanqiang Han
ghan at openjdk.org
Thu Sep 4 16:03:47 UTC 2025
On Thu, 4 Sep 2025 14:42:40 GMT, Chen Liang <liach at openjdk.org> wrote:
>> Guanqiang Han has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:
>>
>> - move common method into a common file.
>> - Merge remote-tracking branch 'upstream/master' into 8328874
>> - Update Class.java
>>
>> change overflow check
>> - Update Class.java
>>
>> Simplify length check
>> - Update Class.java
>>
>> avoid the case of int overflow
>> - Update Class.java
>>
>> Use ModifiedUtf.utfLen instead of static import for readability
>> - change copyright year
>> - a small fix
>> - add regression test
>> - Merge remote-tracking branch 'upstream/master' into 8328874
>> - ... and 6 more: https://git.openjdk.org/jdk/compare/edb7a478...edc1694d
>
> src/java.base/share/classes/jdk/internal/util/ModifiedUtf.java line 87:
>
>> 85: return true;
>> 86: }
>> 87: // Check exact Modified UTF-8 length.
>
> Before doing that, I recommend another fast path `if (nameLen > MAX_LEN) return false`.
@liach I was thinking whether it might be better to place `if (nameLen > MAX_LEN) return false` after the `if (nameLen <= MAX_LEN / 3) return true` check, since in most cases nameLen will be smaller than MAX_LEN / 3 and this order would optimize for the common case.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2322673732
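The check ordering discussed in this message, as an added example that is not code from the pull request or from the JDK. The class and method names are hypothetical, and `MAX_LEN` is assumed to be 65535, the largest byte length a class-file `CONSTANT_Utf8` entry can record.

```java
// Added illustration; names are hypothetical and this is not the JDK's ModifiedUtf code.
public class NameLengthCheck {
    // Assumption: a CONSTANT_Utf8 entry stores its byte length in an unsigned 16-bit field.
    static final int MAX_LEN = 65535;

    // Exact Modified UTF-8 byte length; accumulated in a long so the sum cannot overflow int.
    static long modifiedUtf8Length(String s) {
        long bytes = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) {
                bytes += 1;   // ASCII except NUL
            } else if (c <= 0x07FF) {
                bytes += 2;   // NUL (encoded as two bytes) and U+0080..U+07FF
            } else {
                bytes += 3;   // U+0800..U+FFFF, including each half of a surrogate pair
            }
        }
        return bytes;
    }

    static boolean fitsInConstantPool(String name) {
        int nameLen = name.length();
        // Common case first: even at 3 bytes per char the name cannot exceed MAX_LEN.
        if (nameLen <= MAX_LEN / 3) return true;
        // Every char costs at least 1 byte, so this many chars can never fit.
        if (nameLen > MAX_LEN) return false;
        // Only the band between MAX_LEN / 3 and MAX_LEN needs a full scan.
        return modifiedUtf8Length(name) <= MAX_LEN;
    }

    public static void main(String[] args) {
        // Constructed inputs, one per branch plus both sides of the scanned band.
        String small = "\u4e2d".repeat(MAX_LEN / 3);     // 21845 chars, 65535 bytes
        String huge  = "a".repeat(MAX_LEN + 1);          // 65536 chars, 65536 bytes
        String ascii = "a".repeat(MAX_LEN);              // 65535 chars, 65535 bytes
        String wide  = "\u4e2d".repeat(MAX_LEN / 3 + 1); // 21846 chars, 65538 bytes
        for (String s : new String[] {small, huge, ascii, wide}) {
            System.out.println(s.length() + " chars, " + modifiedUtf8Length(s)
                    + " bytes, fits=" + fitsInConstantPool(s));
        }
    }
}
```

Both fast paths return before any per-character work, so an oversized name supplied by a caller is rejected in constant time and only lengths in the middle band pay for the scan.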