RFR: 8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
Coleen Phillimore
coleen.phillimore at oracle.com
Wed Aug 17 14:14:06 UTC 2016
Hi Rachel,
I really like how you separated out relax_access_check_for and
relax_format_check_for cases since they're different.
This code change looks really good.
Coleen
On 8/16/16 4:21 PM, Rachel Protacio wrote:
> Hi,
>
> Bug summary: fuzzing a class file so that the class name "SomeClass"
> is instead "LSomeClass;" passed unnoticed through the VM because it
> was not format checked by default and the L; were stripped off before
> lookup.
>
> This fix makes sure that all class names loaded by the app class
> loader are format checked by default. The Verifier::relax_verify_for()
> function that was previously used for both format checking (setting
> _relax_verify) and reflection (as an access check) has been renamed to
> relax_access_for() specifically for its use in reflection.cpp. A
> relax_format_check_for() function has been added to
> classFileParser.cpp to address the format checking, only "relaxing"
> the check if loaded by the boot loader or platform class loader.
>
> This fix adds a jtreg test, and the change passes JCK vm tests and WLS
> tests, in addition to JPRT and RBT hotspot_all and non-colo tests. A
> compatibility request has been approved for this change.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8148854
> Open webrev: http://cr.openjdk.java.net/~rprotacio/8148854.00/
>
> Thanks!
> Rachel
More information about the hotspot-runtime-dev
mailing list