RFR: 8268129: LibraryLookup::ofDefault leaks symbols from loaded libraries [v7]

Maurizio Cimadamore mcimadamore at openjdk.java.net
Tue Oct 12 20:41:00 UTC 2021


On Tue, 12 Oct 2021 18:11:56 GMT, Cheng Jin <duke at openjdk.java.net> wrote:

> Just tried with `System.load()` but still ended up with pretty much the same failure given both of them eventually invokes `ClassLoader.loadLibrary` to load the library in which case there is no big difference at this point.

Yes and no. System::loadLibrary wants a library name (no extension). It will add a library prefix (e.g. `lib` on linux) and a library suffix (e.g. `.so` on linux). So, if you do:


System.loadLibrary("c")


You will end up with `libc.so`. The `System::loadLibrary` logic will then try to find that file in any of the known library paths.

`System.load` avoids this by accepting the full path of the library. So there's no guessing the path, nor guessing of prefix/suffix. But it seems like loading still fails, likely because we try to load this library with `dlopen` but this is a static library, so for `dlopen` it just doesn't make sense.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4316


More information about the security-dev mailing list