[mvt] RFR: add access check to ValueType method handle generation

Maurizio Cimadamore maurizio.cimadamore at oracle.com
Tue Jun 6 15:01:32 UTC 2017


Hi,
this patch addresses an issue that was recently discovered during some 
internal testing. The culprit is that no access check is performed when 
generating bytecode for ValueType.findGetter and ValueType.findWither 
and, as a result it is possible to get your hand on a method handle that 
refers to inaccessible fields - execution will then fail with a more 
obscure error message when the class containing the synthetic MH 
bytecode is loaded/executed.

The solution is to add an explicit Lookup parameter to these routines, 
to make sure that access checking is always performed before returning 
the (possibly cached) method handle.

Note that the accessCheck could in principle apply to 
substitutabilityTest and substitutabilityHashCode, but we have decided 
to let these two pass for now (by using a sufficiently privileged lookup 
object to load the MH code).

Cheers
Maurizio



More information about the valhalla-dev mailing list