RFR: 8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent

Coleen Phillimore coleen.phillimore at oracle.com
Wed Aug 17 14:14:06 UTC 2016

Hi Rachel,

I really like how you separated out relax_access_check_for and 
relax_format_check_for cases since they're different.

This code change looks really good.


On 8/16/16 4:21 PM, Rachel Protacio wrote:
> Hi,
> Bug summary: fuzzing a class file so that the class name "SomeClass" 
> is instead "LSomeClass;" passed unnoticed through the VM because it 
> was not format checked by default and the L; were stripped off before 
> lookup.
> This fix makes sure that all class names loaded by the app class 
> loader are format checked by default. The Verifier::relax_verify_for() 
> function that was previously used for both format checking (setting 
> _relax_verify) and reflection (as an access check) has been renamed to 
> relax_access_for() specifically for its use in reflection.cpp. A 
> relax_format_check_for() function has been added to 
> classFileParser.cpp to address the format checking, only "relaxing" 
> the check if loaded by the boot loader or platform class loader.
> This fix adds a jtreg test, and the change passes JCK vm tests and WLS 
> tests, in addition to JPRT and RBT hotspot_all and non-colo tests. A 
> compatibility request has been approved for this change.
> Bug: https://bugs.openjdk.java.net/browse/JDK-8148854
> Open webrev: http://cr.openjdk.java.net/~rprotacio/8148854.00/
> Thanks!
> Rachel

More information about the hotspot-runtime-dev mailing list