Hi,
On Tue, 2002-08-06 at 22:09, Philip Fong wrote:
> The behavior of java.security.SecureClassLoader seems to differ from
> that specified in Java 1.3.1 API spec. According to the API spec,
> method defineClass(String, byte[], int, int, CodeSource) may
> optionally ignore the CodeSource argument if it is null. In the
> 0.04 release, a null CodeSource will cause a NullPointerException
> inside getPermissions. I checked with the cvs just now, and
> it looks like the problem has not been solved. Attached is
> a small patch that fix this. Is this the right way of doing
> it?
>
> Also, the fix also remove the catching of ClassFormatError. That
> error is raised if the classfile is corrupted, and IMHO such a serious
> error should propagate upward to the caller. Am I understanding
> correctly?
Yes. The old behavior was clearly broken.
I applied this patch to CVS.
2002-08-13 Philip Fong <[EMAIL PROTECTED]>
* java/security/SecureClassLoader.java (SecureClassLoader): Only
create ProtectionDomain when CodeSource is not null. Don't catch and
ignore ClassFormatError.
Thanks,
Mark
_______________________________________________
Classpath mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/classpath
