[mvt] RFR: add access check to ValueType method handle generation
Maurizio Cimadamore
maurizio.cimadamore at oracle.com
Tue Jun 6 15:01:32 UTC 2017
Hi,
this patch addresses an issue that was recently discovered during some
internal testing. The culprit is that no access check is performed when
generating bytecode for ValueType.findGetter and ValueType.findWither
and, as a result it is possible to get your hand on a method handle that
refers to inaccessible fields - execution will then fail with a more
obscure error message when the class containing the synthetic MH
bytecode is loaded/executed.
The solution is to add an explicit Lookup parameter to these routines,
to make sure that access checking is always performed before returning
the (possibly cached) method handle.
Note that the accessCheck could in principle apply to
substitutabilityTest and substitutabilityHashCode, but we have decided
to let these two pass for now (by using a sufficiently privileged lookup
object to load the MH code).
Cheers
Maurizio
More information about the valhalla-dev
mailing list