Hi,

 

Please review the following fix in JDK9 at your convenience:

 

Bug : https://bugs.openjdk.java.net/browse/JDK-8160455 

Webrev : http://cr.openjdk.java.net/~jdv/8160455/webrev.00/ 

 

Root cause : We directly take the string present in the XML DOM tree from the 
attribute "tagSets" and create a class from it using Class.forName(). The XML DOM 
tree string can also be invalid, which we don't check.

Solution : Verify whether the string from the XML DOM tree maps to any of the 
subclasses of "TIFFTagSet" before initializing the class, using 
isAssignableFrom(). This adds a tighter check before initializing the class from 
the XML DOM tree string.

 

Thanks,

Jay 
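
The check described in the message above, sketched as an added example; it is not the code from the webrev or from the JDK. The class name TagSetLoader, the sample strings, and the use of the three-argument Class.forName with initialize=false are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import javax.imageio.plugins.tiff.TIFFTagSet;

// Hypothetical helper (not JDK code): resolve a class name taken from an
// untrusted "tagSets" attribute only if it names a TIFFTagSet subclass.
public class TagSetLoader {
    // Constructed sample values, as they might arrive in the attribute.
    static final String[] SAMPLES = {
        "javax.imageio.plugins.tiff.BaselineTIFFTagSet", // a TIFFTagSet subclass
        "java.util.ArrayList",                           // loadable, but not a tag set
        "no.such.Clazz"                                  // not loadable at all
    };

    /** Returns the named tag set, or null if the name is rejected. */
    static TIFFTagSet load(String className) {
        try {
            // initialize=false loads the class without running its static
            // initializers, so no code from it runs before the type check.
            Class<?> c = Class.forName(className, false,
                                       TagSetLoader.class.getClassLoader());
            if (!TIFFTagSet.class.isAssignableFrom(c)) {
                return null; // some unrelated class: refuse it
            }
            Method getInstance = c.getMethod("getInstance");
            if (!Modifier.isStatic(getInstance.getModifiers())) {
                return null; // cannot be invoked without an instance
            }
            return (TIFFTagSet) getInstance.invoke(null);
        } catch (ReflectiveOperationException e) {
            // Unknown class, no getInstance(), or getInstance() itself failed.
            return null;
        }
    }

    public static void main(String[] args) {
        for (String name : SAMPLES) {
            TIFFTagSet set = load(name);
            System.out.println(name + " -> "
                               + (set == null ? "rejected" : "accepted"));
        }
    }
}
```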
