RFR: 8328874: Class::forName0 should validate the class name length early [v16]

Chen Liang liach at openjdk.org
Tue Sep 9 02:39:18 UTC 2025


On Tue, 9 Sep 2025 01:05:37 GMT, Guanqiang Han <ghan at openjdk.org> wrote:

>> Validate class name length immediately after GetStringUTFLength() in Class.forName0. This prevents potential issues caused by overly long class names before they reach later code that would reject them, throwing ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update Class.java
>   
>   Improve error log

Sure, though this truncation may be wrong with over-one-byte characters (like ö or Chinese characters), but we don't need to be too strict about this. (Though I personally don't believe such will occur frequently in logs, which usually indicate a bad programming pattern instead.)

-------------

Marked as reviewed by liach (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/26802#pullrequestreview-3198826978
