RFR: 8365588: defineClass that accepts a ByteBuffer does not work as expected
Chen Liang
liach at openjdk.org
Tue Sep 30 20:03:26 UTC 2025
On Tue, 30 Sep 2025 17:47:12 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/ClassLoader.java line 1075:
>>
>>> 1073: }
>>> 1074:
>>> 1075: private Class<?> defineClass(String name, ByteBuffer b, int len, ProtectionDomain pb) {
>>
>> Is an additional method really needed?
>> Couldn't we just add a new local `ByteBuffer` reference, point it to either `b` (if trusted) or the newly allocated BB if not, and continue as before, passing the new reference to `defineClass2()`?
>
> The separate method keeps it easier to audit (and review) so I'd prefer to keep it as proposed. It is very possible that we will have additional cases to trust in the future and it would complicate the conditions in the caller if everything is in one method.

Why is the ProtectionDomain named `pb` instead of `pd`? What does `b` stand for?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27569#discussion_r2392695851