Ivan, This change looks good to me.
It's a pity we can't use 3-args InputStream.readNBytes here. Unrelated to your change: it looks a bit wasteful to create a zero-length byte array only to throw it away later. We could probably pre-size it or at least make it a `private static final`? -Pavel > On 11 May 2019, at 23:07, Ivan Gerasimov <[email protected]> wrote: > > Hello! > > An integer overflow during array size calculation can happen in a case of > loading extremely huge class file (which is unlikely in the real world). > > It is possible to create a regression test (see the bug), though I doubt it > would carry much weight while requiring much memory. > > I did check manually that the POC runs fine with the patched JDK. > > Would you please help review the fix? > > BUGURL: https://bugs.openjdk.java.net/browse/JDK-8223730 > WEBREV: http://cr.openjdk.java.net/~igerasim/8223730/00/webrev/ > > -- > With kind regards, > Ivan Gerasimov >
