RFR 8223730 : URLClassLoader.findClass() can throw IndexOutOfBoundsException

Ivan Gerasimov ivan.gerasimov at oracle.com
Sat May 11 22:07:49 UTC 2019


An integer overflow during array size calculation can happen in a case 
of loading extremely huge class file (which is unlikely in the real world).

It is possible to create a regression test (see the bug), though I doubt 
it would carry much weight while requiring much memory.

I did check manually that the POC runs fine with the patched JDK.

Would you please help review the fix?

BUGURL: https://bugs.openjdk.java.net/browse/JDK-8223730
WEBREV: http://cr.openjdk.java.net/~igerasim/8223730/00/webrev/

With kind regards,
Ivan Gerasimov

More information about the core-libs-dev mailing list