On Mon, 11 Aug 2025 11:33:19 GMT, Per Minborg <pminb...@openjdk.org> wrote:
> ### Description > This PR proposes to update the `ClassLoader` implementation to properly guard > access to the provided `ByteBuffer` when defining a class using > `defineClass(String, ByteBuffer, ...)`. Specifically, calls to > `SharedSecrets.getJavaNioAccess().acquireSession(ByteBuffer)` and > `releaseSession(ByteBuffer)` have been introduced to ensure safe and > consistent buffer access throughout the native class definition process, even > in the case of a `ByteBuffer` is backed by a `MemorySegment`. > > ### Impact > This modification is internal to the `ClassLoader` implementation and does > not affect the public API. > Improves the robustness and security of class loading from buffers. > > ### Testing > Tier 1, 2, and 3 JDK tests pass on multiple platforms. The change looks okay. One thing to check if whether we have tests for JNI GetDirectBufferAddress when the byte buffer is a view of a memory segment. ------------- PR Comment: https://git.openjdk.org/jdk/pull/26724#issuecomment-3175258539
