On Thu, 4 Sep 2025 13:22:08 GMT, Guanqiang Han <g...@openjdk.org> wrote:
>> Validate class name length immediately after GetStringUTFLength() in
>> Class.forName0. This prevents potential issues caused by overly long class
>> names before they reach later code that would reject them, throwing
>> ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains 16 additional
> commits since the last revision:
>
>  - move common method into a common file.
>  - Merge remote-tracking branch 'upstream/master' into 8328874
>  - Update Class.java
>
>    change overflow check
>  - Update Class.java
>
>    Simplify length check
>  - Update Class.java
>
>    avoid the case of int overflow
>  - Update Class.java
>
>    Use ModifiedUtf.utfLen instead of static import for readability
>  - change copyright year
>  - a small fix
>  - add regression test
>  - Merge remote-tracking branch 'upstream/master' into 8328874
>  - ... and 6 more: https://git.openjdk.org/jdk/compare/248089f6...edc1694d

test/jdk/java/lang/Class/forName/ForNameNames.java line 97:

> 95:     void testTooLongName() {
> 96:         ClassLoader loader = ForNameNames.class.getClassLoader();
> 97:         String tooLongName = "A".repeat(JAVA_CLASSNAME_MAX_LEN+1);

It would be good to test strings at each of the boundary conditions and each of the encoded lengths.
1-byte, 2-byte, and 3-byte forms at the MAX_LEN-1, MAX_LEN, MAX_LEN+1, and less than, equal, and more than MAX_LEN/3.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2323117857
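
The boundary cases requested in the review comment above, as an added example that is not part of the pull request or the JDK test. It assumes `MAX_LEN` is 65535 (the u2 length limit of a `CONSTANT_Utf8` entry; the message does not state the value), and `ForNameBoundaryProbe`, `utfLen`, `boundaryNames` and `probe` are hypothetical names. It builds 1-, 2- and 3-byte names around the limit and reports the modified UTF-8 length of each next to what `Class.forName` does with it on the running JDK.

```java
import java.util.LinkedHashMap;
import java.util.Map;
public class ForNameBoundaryProbe {
    // Assumption: 65535, the u2 length limit of a CONSTANT_Utf8 entry.
    static final int MAX_LEN = 65535;
    // Modified UTF-8 length, counted per UTF-16 code unit.
    static long utfLen(String s) {
        long len = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c >= 0x0001 && c <= 0x007F) len += 1;
            else if (c <= 0x07FF) len += 2;   // U+0000 and U+0080..U+07FF
            else len += 3;                    // the rest, incl. each surrogate half
        }
        return len;
    }

    // Constructed names; every character is a valid Java identifier part.
    static Map<String, String> boundaryNames() {
        Map<String, String> m = new LinkedHashMap<>();
        for (int d = -1; d <= 1; d++) {
            String tag = d < 0 ? "-1" : d == 0 ? "" : "+1";
            m.put("1-byte x (MAX_LEN" + tag + ")", "A".repeat(MAX_LEN + d));
            m.put("2-byte x (MAX_LEN/2" + tag + ")", "\u00e9".repeat(MAX_LEN / 2 + d));
            m.put("3-byte x (MAX_LEN/3" + tag + ")", "\u4e2d".repeat(MAX_LEN / 3 + d));
        }
        // 3-byte names padded with ASCII to land one byte either side of the limit.
        String base = "\u4e2d".repeat(MAX_LEN / 3 - 1);   // 65532 encoded bytes
        m.put("3-byte + pad = MAX_LEN-1", base + "AA");
        m.put("3-byte + pad = MAX_LEN+1", base + "AAAA");
        return m;
    }

    static String probe(String name) {
        try {
            Class.forName(name, false, ForNameBoundaryProbe.class.getClassLoader());
            return "loaded";
        } catch (ClassNotFoundException e) {
            return "ClassNotFoundException";
        } catch (Throwable t) {               // report anything else by type
            return t.getClass().getName();
        }
    }
    public static void main(String[] args) {
        boundaryNames().forEach((label, name) -> System.out.printf(
            "%-26s chars=%-6d utfLen=%-6d overLimit=%-5b forName=%s%n",
            label, name.length(), utfLen(name), utfLen(name) > MAX_LEN, probe(name)));
    }
}
```

The 2-byte and 3-byte rows show why a character-count check is not enough: a name of `MAX_LEN/3 + 1` characters is well under `MAX_LEN` in `String.length()` terms but over it once encoded.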