/hg/icedtea-web: PR1145: IcedTea-Web can cause ClassCircularityE...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Fri Oct 5 20:06:10 PDT 2012
changeset 5a473790c21d in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=5a473790c21d
author: Omair Majid <omajid at redhat.com>
date: Fri Oct 05 23:02:53 2012 -0400
PR1145: IcedTea-Web can cause ClassCircularityError
It is possible for the ClassLoader to encounter a ClassCircularityError.
This can happen when the ClassLoader detects that checking if a class
'A' has been loaded triggers another check of whether 'A' has been
loaded before the first check has completed. This can happen easily when
trying to load Policy or Permission classes, which lie in our code path
that checks whether a class has been loaded.
One possible fix is to ensure these classes are not in the path of code
that gets executed when we are trying to check for a class. This can be
done by removing the call to getAccessControlContextForClassLoading. The
javadocs for ClassLoader.findLoadedClass do not mention any
permissions required to call the method nor do they mention that the
method can throw a SecurityException. The native code that implements
findLoadedClass does not have any security checks either. The
doProvileged block is probably not needed here and removing it breaks
the circularity.
diffstat:
ChangeLog | 9 +++++++++
NEWS | 1 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 14 +-------------
3 files changed, 11 insertions(+), 13 deletions(-)
diffs (58 lines):
diff -r 3c9fc2571585 -r 5a473790c21d ChangeLog
--- a/ChangeLog Wed Oct 03 19:19:30 2012 +0200
+++ b/ChangeLog Fri Oct 05 23:02:53 2012 -0400
@@ -1,3 +1,12 @@
+2012-10-05 Omair Majid <omajid at redhat.com>
+
+ PR1145
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (getAccessControlContextForClassLoading): Do not catch
+ ClassCircularityError.
+ (findLoadedClassAll): Call findLoadedClass without any special
+ permissions.
+
2012-10-03 Jana Fabrikova <jfabriko at redhat.com>
* tests/reproducers/simple/JSToJGet:
diff -r 3c9fc2571585 -r 5a473790c21d NEWS
--- a/NEWS Wed Oct 03 19:19:30 2012 +0200
+++ b/NEWS Fri Oct 05 23:02:53 2012 -0400
@@ -17,6 +17,7 @@
* Common
- PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
- PR955: regression: SweetHome3D fails to run
+ - PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
New in release 1.3 (2012-XX-XX):
diff -r 3c9fc2571585 -r 5a473790c21d netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Oct 03 19:19:30 2012 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Fri Oct 05 23:02:53 2012 -0400
@@ -1494,17 +1494,7 @@
Class result = null;
if (loaders[i] == this) {
- final String fName = name;
- try {
- result = AccessController.doPrivileged(
- new PrivilegedExceptionAction<Class<?>>() {
- public Class<?> run() {
- return JNLPClassLoader.super.findLoadedClass(fName);
- }
- }, getAccessControlContextForClassLoading());
- } catch (PrivilegedActionException pae) {
- result = null;
- }
+ result = JNLPClassLoader.super.findLoadedClass(name);
} else {
result = loaders[i].findLoadedClassAll(name);
}
@@ -2154,8 +2144,6 @@
return context; // If context already has all permissions, don't bother
} catch (AccessControlException ace) {
// continue below
- } catch (ClassCircularityError cce) {
- // continue below
}
// Since this is for class-loading, technically any class from one jar
More information about the distro-pkg-dev
mailing list