+2 Brian
On Aug 4, 2016, at 8:31 AM, Philip Race <philip.r...@oracle.com> wrote: > +1 > > -phil > > On 8/4/16, 4:55 AM, Jayathirth D V wrote: >> >> Hi, >> >> Please review the following fix in JDK9 at your convenience: >> >> Bug :https://bugs.openjdk.java.net/browse/JDK-8160455 >> Webrev :http://cr.openjdk.java.net/~jdv/8160455/webrev.00/ >> >> Root cause : We are directly getting string present in XML DOM tree from >> attribute “tagSets” and creating class from it using class.forName(). XML >> DOM tree string can be an invalid also which we don’t check. >> Solution : Verify whether the string from XML DOM tree maps to any of the >> subclasses of “TIFFTagSet” before initializing the class using >> isAssignableFrom(). This adds tighter check before initializing the class >> from XML DOM tree string. >> >> Thanks, >> Jay
