RFR(S) 8166304: Skipping access check for classes generated by core reflection
harold seigel
harold.seigel at oracle.com
Wed Nov 16 13:33:13 UTC 2016
Thanks Robbin! I'll add the missing 'return;'.
Harold
On 11/16/2016 4:49 AM, Robbin Ehn wrote:
> Hi Harlod,
>
> Is there a reason for not doing a return after the exception is thrown?
> + Exceptions::fthrow(
> + THREAD_AND_LOCATION,
> + vmSymbols::java_lang_IllegalAccessError(),
> + "class %s loaded by %s cannot access jdk/internal/reflect
> superclass %s",
> + this_klass->external_name(), this_cld->loader_name(),
> super->external_name());
> ----> return; ????
> + }
> + }
>
> /Robbin
>
> On 11/15/2016 03:09 PM, harold seigel wrote:
>> Hi,
>>
>> Please review this fix for bug JDK-8166304. The fix throws an
>> IllegalAccessError exception when attempting to create a class that
>> is a sub-type of a jdk.internal.reflect
>> class, unless the class loader is either the boot loader or the
>> special reflection class loader. This prevents user classes from
>> being able to extend jdk.internal.reflect
>> classes in order to bypass Reflection.getCallerClass.
>>
>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8166304/
>>
>> JBS bug: https://bugs.openjdk.java.net/browse/JDK-8166304
>>
>> The fix was tested with the JCK Lang and vm tests, the JTreg hotspot,
>> java/io, java/lang, and java/util tests, the nsk co-located and the
>> non-co-located tests, the RBT
>> tier2 tests, and the test in the webrev.
>>
>> A sample error message looks like this:
>>
>> java.lang.IllegalAccessError: class FakeMethodAccessor loaded by
>> jdk/internal/loader/ClassLoaders$AppClassLoader cannot access
>> jdk/internal/reflect superclass
>> jdk.internal.reflect.MethodAccessorImpl
>>
>> Thanks, Harold
>>
More information about the hotspot-runtime-dev
mailing list