On Sun, 7 Sep 2025 09:03:56 GMT, Guanqiang Han <g...@openjdk.org> wrote:

>> Validate class name length immediately after GetStringUTFLength() in 
>> Class.forName0. This prevents potential issues caused by overly long class 
>> names before they reach later code that would reject them, throwing 
>> ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains 18 additional 
> commits since the last revision:
> 
>  - Optimize implementation
>  - Merge remote-tracking branch 'upstream/master' into 8328874
>  - move common method into a common file.
>  - Merge remote-tracking branch 'upstream/master' into 8328874
>  - Update Class.java
>    
>    change overflow check
>  - Update Class.java
>    
>    Simplify length check
>  - Update Class.java
>    
>    avoid the case of int overflow
>  - Update Class.java
>    
>    Use ModifiedUtf.utfLen instead of static import for readability
>  - change copyright year
>  - a small fix
>  - ... and 8 more: https://git.openjdk.org/jdk/compare/57721ee7...c01a6d58

src/java.base/share/classes/jdk/internal/util/ModifiedUtf.java line 95:

> 93:         // The check utfLen >= strLen ensures we don't incorrectly return true in case of int overflow.
> 94:         int utfLen = utfLen(str, 0);
> 95:         return utfLen >= strLen && utfLen <= CONSTANT_POOL_UTF8_MAX_BYTES;

Now that the `strLen > CONSTANT_POOL_UTF8_MAX_BYTES` check is performed above, 
`utfLen` can be at most `CONSTANT_POOL_UTF8_MAX_BYTES * 3` here (`196_605`), 
which can’t overflow an `int`, so this check can be simplified:
Suggestion:

        // The check strLen > CONSTANT_POOL_UTF8_MAX_BYTES above ensures that utfLen can't overflow here.
        int utfLen = utfLen(str, 0);
        return utfLen <= CONSTANT_POOL_UTF8_MAX_BYTES;

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2328596638
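
The bound argued in the review comment above, as an added stand-alone example (not code from the pull request or from the JDK). The class name `UtfLenBound` and the methods `modifiedUtfLen` and `isEncodable` are hypothetical stand-ins for the JDK helper; the sample strings are constructed.

```java
public class UtfLenBound {
    // Same name and value as the constant quoted in the review (65535, the u2 length limit).
    static final int CONSTANT_POOL_UTF8_MAX_BYTES = 65535;

    // Hypothetical stand-in for the JDK helper: modified UTF-8 byte count.
    // Every UTF-16 char encodes to 1, 2 or 3 bytes (U+0000 takes 2 bytes).
    static int modifiedUtfLen(String s) {
        int len = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            len += (c >= 0x0001 && c <= 0x007F) ? 1 : (c <= 0x07FF) ? 2 : 3;
        }
        return len;
    }

    // Hypothetical wrapper mirroring the structure discussed in the review.
    static boolean isEncodable(String s) {
        int strLen = s.length();
        // Early reject: the encoded length is never smaller than strLen.
        if (strLen > CONSTANT_POOL_UTF8_MAX_BYTES) {
            return false;
        }
        // strLen <= 65535 here, so the sum is at most 3 * 65535 = 196_605
        // and cannot wrap an int; no "utfLen >= strLen" guard is needed.
        return modifiedUtfLen(s) <= CONSTANT_POOL_UTF8_MAX_BYTES;
    }

    public static void main(String[] args) {
        String asciiMax = "a".repeat(65535);       // 65535 bytes: accepted
        String asciiOver = "a".repeat(65536);      // rejected by the early check
        String wideFits = "\u4e2d".repeat(21845);  // 21845 * 3 = 65535 bytes: accepted
        String wideOver = "\u4e2d".repeat(21846);  // 65538 bytes: rejected after counting
        String wideWorst = "\u4e2d".repeat(65535); // worst case past the early check

        System.out.println(isEncodable(asciiMax));      // true
        System.out.println(isEncodable(asciiOver));     // false
        System.out.println(isEncodable(wideFits));      // true
        System.out.println(isEncodable(wideOver));      // false
        System.out.println(modifiedUtfLen(wideWorst));  // 196605
    }
}
```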
