[mvt] RFR: add access check to ValueType method handle generation
Maurizio Cimadamore
maurizio.cimadamore at oracle.com
Tue Jun 6 15:01:59 UTC 2017
Whoops - here's the webrev link
http://cr.openjdk.java.net/~mcimadamore/mvt_access_check/
Maurizio
On 06/06/17 16:01, Maurizio Cimadamore wrote:
> Hi,
> this patch addresses an issue that was recently discovered during some
> internal testing. The culprit is that no access check is performed
> when generating bytecode for ValueType.findGetter and
> ValueType.findWither and, as a result it is possible to get your hand
> on a method handle that refers to inaccessible fields - execution will
> then fail with a more obscure error message when the class containing
> the synthetic MH bytecode is loaded/executed.
>
> The solution is to add an explicit Lookup parameter to these routines,
> to make sure that access checking is always performed before returning
> the (possibly cached) method handle.
>
> Note that the accessCheck could in principle apply to
> substitutabilityTest and substitutabilityHashCode, but we have decided
> to let these two pass for now (by using a sufficiently privileged
> lookup object to load the MH code).
>
> Cheers
> Maurizio
>
More information about the valhalla-dev
mailing list