RFR: 8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent

[Rachel Protacio]

Thanks for the comments - I've fixed as requested: 
http://cr.openjdk.java.net/~rprotacio/8148854.01/
Rachel


On 8/17/2016 10:19 AM, Dmitry Dmitriev wrote:
> Hi Rachel,
>
> Can comment only test.
> FormatCheckingTest.java file:
> 1) I think that @build instructions are not needed for this test as 
> Christian wrote in review request for JDK-8157957 
> "ClassNotFoundException: jdk.test.lib.JDKToolFinder"(i.e. "If you run 
> only that test in a clean jtwork folder and it passes, then
> there's no need for @build.")
> 2) Test can be run in the same vm, i.e. you can remove "othervm" from 
> run action.  Or test should be run in othervm?
>
> Thank you,
> Dmitry
>
> On 16.08.2016 23:21, Rachel Protacio wrote:
>> Hi,
>>
>> Bug summary: fuzzing a class file so that the class name "SomeClass" 
>> is instead "LSomeClass;" passed unnoticed through the VM because it 
>> was not format checked by default and the L; were stripped off before 
>> lookup.
>>
>> This fix makes sure that all class names loaded by the app class 
>> loader are format checked by default. The 
>> Verifier::relax_verify_for() function that was previously used for 
>> both format checking (setting _relax_verify) and reflection (as an 
>> access check) has been renamed to relax_access_for() specifically for 
>> its use in reflection.cpp. A relax_format_check_for() function has 
>> been added to classFileParser.cpp to address the format checking, 
>> only "relaxing" the check if loaded by the boot loader or platform 
>> class loader.
>>
>> This fix adds a jtreg test, and the change passes JCK vm tests and 
>> WLS tests, in addition to JPRT and RBT hotspot_all and non-colo 
>> tests. A compatibility request has been approved for this change.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8148854
>> Open webrev: http://cr.openjdk.java.net/~rprotacio/8148854.00/
>>
>> Thanks!
>> Rachel
>