On Fri, 29 Aug 2025 06:45:25 GMT, Guanqiang Han <g...@openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in >> Class.forName0. This prevents potential issues caused by overly long class >> names before they reach later code that would reject them, throwing >> ClassNotFoundException early. > > Guanqiang Han has updated the pull request incrementally with one additional > commit since the last revision: > > Update Class.java > > change overflow check > /reviewers 2 reviewer > > I recommend putting this PR on hold - 65535 encoded size for modified utf8 is > significant enough for a cross-JDK utility. As @rose00 suggested, I think I > will explore adding a check in ClassFile API, and sharing the check with here. A common boolean function is useful and can be better optimized. The function should be in a common utility area, but the ClassFile API is a higher level API specific to class files. Most developers won't think to look there. The jdk.internal.util.ModifiedUtf isn't a bad place for both the boolean function and the utfLen function. ------------- PR Comment: https://git.openjdk.org/jdk/pull/26802#issuecomment-3250349748
