RFR: 8328874: Class::forName0 should validate the class name length early [v13]
Chen Liang
liach at openjdk.org
Thu Sep 4 17:09:46 UTC 2025
On Thu, 4 Sep 2025 15:54:38 GMT, Guanqiang Han <ghan at openjdk.org> wrote:
>> src/java.base/share/classes/jdk/internal/util/ModifiedUtf.java line 80:
>>
>>> 78: */
>>> 79: @ForceInline
>>> 80: public static boolean classNameLengthIsValid(String name) {
>>
>> This can be reused by `DataOutput` too, so maybe just `isEncodable`
>
> @liach This only checks the encoded length rather than full encodability — would a name like isValidLen be more accurate?
Sure, we can go with that name!
>> src/java.base/share/classes/jdk/internal/util/ModifiedUtf.java line 87:
>>
>>> 85: return true;
>>> 86: }
>>> 87: // Check exact Modified UTF-8 length.
>>
>> Before doing that, I recommend another fast path `if (nameLen > MAX_LEN) return false`.
>
> @liach I was thinking whether it might be better to place **if (nameLen > MAX_LEN) return false** after the **if (nameLen <= MAX_LEN / 3) return true** check, since in most cases nameLen will be smaller than MAX_LEN / 3 and this order would optimize for the common case.
Yep, this is after the true check.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2322832084
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2322832768
More information about the core-libs-dev
mailing list