On May 7, 2009, at 7:57 AM, Rémi Forax wrote: > I don't fully understand why this line is needed but > it can be easily solve by using == instead of equals (on Class ??) > if (lookupClass.equals(Access.class)) lookupClass = null; > > is replaced by: > if (lookupClass==Access.class) lookupClass = null;
Thanks for finding that bug. (That was quick!) I'm trying to constrain the places where a null class can occur in the access checking code, to reduce the chance of security bugs. So the NPE at that point is a feature, not a bug. At some intermediate point, the null class from PUBLIC_LOOKUP should be changed to the special token Empty.class. At the JVM interface (and this should change) a null "caller class" or "lookup class" means "all privileges". The problem with that convention is null is a very common error value produced by buggy code, and we don't want somebody figuring out how to exploit the MH package by introducing an unexpected null in a MH lookup. I want an NPE to happen before such an unplanned null is presented to the JVM. There is a currently empty "meth.patch" and "indy.patch" in the mlvm repo. to collect these sorts of bug fixes. I'll push a fix. -- John _______________________________________________ mlvm-dev mailing list [email protected] http://mail.openjdk.java.net/mailman/listinfo/mlvm-dev
