On Fri, 29 Aug 2025 06:45:25 GMT, Guanqiang Han <g...@openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in
>> Class.forName0. This prevents potential issues caused by overly long class
>> names before they reach later code that would reject them, throwing
>> ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Update Class.java
>
>   change overflow check

Two minor comments/suggestions. Looks good otherwise.

src/java.base/share/classes/java/lang/Class.java line 226:

> 224:     private static final int ENUM = 0x00004000;
> 225:     private static final int SYNTHETIC = 0x00001000;
> 226:     private static final int JAVA_CLASSNAME_MAX_LEN = 65535;

Do we need a comment explaining where this magic number comes from?

src/java.base/share/classes/java/lang/Class.java line 4170:

> 4168:         // The check utfLen >= nameLen ensures we don't incorrectly return true in case of int overflow.
> 4169:         int utfLen = ModifiedUtf.utfLen(name, 0);
> 4170:         return utfLen <= JAVA_CLASSNAME_MAX_LEN && utfLen >= nameLen;

I would probably use early-return for the overflow case, sth like the following, to separate the normal logic from error-handling logic.

    if (utfLen < nameLen) {
        // overflowing...
        return false;
    }
    return utfLen <= JAVA_CLASSNAME_MAX_LEN;

-------------

Marked as reviewed by ayang (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/26802#pullrequestreview-3179936966
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2318477446
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2318477926
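
The length check discussed in this review, as an added example that is not part of the original message and is not the JDK's code: it shows why the bound applies to the modified UTF-8 length rather than the char count, and why a wrapped int length passes the upper bound alone (the wrapped value is negative) but fails the `utfLen < nameLen` guard. The class and method names are hypothetical, the inputs are constructed, the overflow is simulated with arithmetic instead of allocating a huge string, and `String.repeat` assumes Java 11 or later.

```java
// Added illustration, not the JDK implementation. Names are hypothetical.
public class ClassNameLengthCheck {
    // Same value as the constant in the reviewed change. The class-file format
    // stores a CONSTANT_Utf8_info length in an unsigned 16-bit (u2) field.
    static final int JAVA_CLASSNAME_MAX_LEN = 65535;

    // Modified UTF-8 length accumulated in a long, so the sum cannot wrap.
    static long modifiedUtf8Length(String s) {
        long len = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) {
                len += 1;
            } else if (c <= 0x07FF) {
                len += 2; // U+0000 and U+0080..U+07FF
            } else {
                len += 3; // U+0800..U+FFFF, surrogates counted one by one
            }
        }
        return len;
    }

    // Early-return form suggested in the review, applied to an int length.
    static boolean validLength(int nameLen, int utfLen) {
        if (utfLen < nameLen) {
            return false; // int overflow: a real encoded length is never shorter
        }
        return utfLen <= JAVA_CLASSNAME_MAX_LEN;
    }

    public static void main(String[] args) {
        // Constructed inputs: an ASCII name at the limit, and a shorter name
        // whose chars each take three bytes in modified UTF-8.
        String ascii = "a".repeat(65535);
        String cjk = "\u4e2d".repeat(30000);
        System.out.println("ascii ok: " + validLength(ascii.length(), (int) modifiedUtf8Length(ascii)));
        System.out.println("cjk ok:   " + validLength(cjk.length(), (int) modifiedUtf8Length(cjk)));

        // Simulated huge name made only of three-byte chars; nothing is allocated.
        int nameLen = 715_827_883;
        long trueLen = 3L * nameLen;   // exceeds Integer.MAX_VALUE
        int wrapped = (int) trueLen;   // what an int accumulator would hold
        System.out.println("bound only: " + (wrapped <= JAVA_CLASSNAME_MAX_LEN));
        System.out.println("with guard: " + validLength(nameLen, wrapped));
    }
}
```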