Thu, 25 Aug 2016 09:23:45 -0400
8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
Summary: Added default format checking of class names loaded by the app class loader
Reviewed-by: andrew
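--- a/src/share/vm/classfile/classFileParser.cpp
+++ b/src/share/vm/classfile/classFileParser.cpp
@@ -3717,6 +3717,16 @@
 info->has_nonstatic_fields = has_nonstatic_fields;
 }
 
+static bool relax_format_check_for(ClassLoaderData* loader_data) {
+ bool trusted = (loader_data->is_the_null_class_loader_data() ||
+ SystemDictionary::is_ext_class_loader(loader_data->class_loader()));
+ bool need_verify =
+ // verifyAll
+ (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
+ // verifyRemote
+ (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
+ return !need_verify;
+}
 
 instanceKlassHandle ClassFileParser::parseClassFile(Symbol* name,
 ClassLoaderData* loader_data,
@@ -3863,7 +3873,7 @@
 
 // Check if verification needs to be relaxed for this class file
 // Do not restrict it to jdk1.0 or jdk1.1 to maintain backward compatibility (4982376)
- _relax_verify = Verifier::relax_verify_for(class_loader());
+ _relax_verify = relax_format_check_for(_loader_data);
 
 // Constant pool
 constantPoolHandle cp = parse_constant_pool(CHECK_(nullHandle));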
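Review bot: `relax_format_check_for` has no comment explaining why its trusted set (null loader or ext loader) is narrower than the `is_trusted_loader` test in `Verifier::relax_access_for`, although the two share the same `need_verify` expression (the verifier.cpp copy is visible in the next file section). I would add a comment above the function such as `// Format checks stay relaxed only for boot/ext loaders (when both flags are not on); every other loader is checked whenever BytecodeVerificationRemote is on.` so that a later edit to one copy does not silently widen the other. The unchanged call-site comment still says "verification" and the field is still `_relax_verify`, though judging by the helper's name and the commit summary it now gates class-file format checks only. parseClassFile continues outside the hunk.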
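--- a/src/share/vm/classfile/verifier.cpp
+++ b/src/share/vm/classfile/verifier.cpp
@@ -98,7 +98,7 @@
 BytecodeVerificationLocal : BytecodeVerificationRemote;
 }
 
-bool Verifier::relax_verify_for(oop loader) {
+bool Verifier::relax_access_for(oop loader) {
 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 bool need_verify =
 // verifyAll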
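--- a/src/share/vm/classfile/verifier.hpp
+++ b/src/share/vm/classfile/verifier.hpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -57,8 +57,8 @@
 // -Xverify:all/none override this value
 static bool should_verify_for(oop class_loader, bool should_verify_class);
 
- // Relax certain verifier checks to enable some broken 1.1 apps to run on 1.2.
- static bool relax_verify_for(oop class_loader);
+ // Relax certain access checks to enable some broken 1.1 apps to run on 1.2.
+ static bool relax_access_for(oop class_loader);
 
 private:
 static bool is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class);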
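--- a/src/share/vm/runtime/reflection.cpp
+++ b/src/share/vm/runtime/reflection.cpp
@@ -506,7 +506,7 @@
 (accessor_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION &&
 accessee_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION)) {
 return classloader_only &&
- Verifier::relax_verify_for(accessor_ik->class_loader()) &&
+ Verifier::relax_access_for(accessor_ik->class_loader()) &&
 accessor_ik->protection_domain() == accessee_ik->protection_domain() &&
 accessor_ik->class_loader() == accessee_ik->class_loader();
 } else {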
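--- /dev/null
+++ b/test/runtime/ClassFile/BadHelloWorld.jcod
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * This file fuzzes the class name #15 to have a leading 'L' and ending ';'.
+ */
+
+class BadHelloWorld {
+ 0xCAFEBABE;
+ 0; // minor version
+ 52; // version
+ [31] { // Constant Pool
+ ; // first element is empty
+ Utf8 "BadHelloWorld"; // #1 at 0x0A
+ class #1; // #2 at 0x1A
+ Utf8 "java/lang/Object"; // #3 at 0x1D
+ class #3; // #4 at 0x30
+ Utf8 "<init>"; // #5 at 0x33
+ Utf8 "()V"; // #6 at 0x3C
+ NameAndType #5 #6; // #7 at 0x42
+ Method #4 #7; // #8 at 0x47
+ Utf8 "toString"; // #9 at 0x4C
+ Utf8 "()Ljava/lang/String;"; // #10 at 0x57
+ Utf8 "Hello, world!"; // #11 at 0x6E
+ String #11; // #12 at 0x7E
+ Utf8 "main"; // #13 at 0x81
+ Utf8 "([Ljava/lang/String;)V"; // #14 at 0x88
+ Utf8 "LBadHelloWorld;"; // #15 at 0xA1
+ class #15; // #16 at 0xB3
+ Method #16 #7; // #17 at 0xB6
+ Utf8 "java/lang/System"; // #18 at 0xBB
+ class #18; // #19 at 0xCE
+ Utf8 "out"; // #20 at 0xD1
+ Utf8 "Ljava/io/PrintStream;"; // #21 at 0xD7
+ NameAndType #20 #21; // #22 at 0xEF
+ Field #19 #22; // #23 at 0xF4
+ Utf8 "java/io/PrintStream"; // #24 at 0xF9
+ class #24; // #25 at 0x010F
+ Utf8 "println"; // #26 at 0x0112
+ Utf8 "(Ljava/lang/Object;)V"; // #27 at 0x011C
+ NameAndType #26 #27; // #28 at 0x0134
+ Method #25 #28; // #29 at 0x0139
+ Utf8 "Code"; // #30 at 0x013E
+ } // Constant Pool
+
+ 0x0021; // access
+ #2;// this_cpx
+ #4;// super_cpx
+
+ [0] { // Interfaces
+ } // Interfaces
+
+ [0] { // fields
+ } // fields
+
+ [3] { // methods
+ { // Member at 0x0151
+ 0x0001; // access
+ #5; // name_cpx
+ #6; // sig_cpx
+ [1] { // Attributes
+ Attr(#30, 17) { // Code at 0x0159
+ 1; // max_stack
+ 1; // max_locals
+ Bytes[5]{
+ 0x2AB70008B1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [0] { // Attributes
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ ;
+ { // Member at 0x0170
+ 0x0001; // access
+ #9; // name_cpx
+ #10; // sig_cpx
+ [1] { // Attributes
+ Attr(#30, 15) { // Code at 0x0178
+ 1; // max_stack
+ 1; // max_locals
+ Bytes[3]{
+ 0x120CB0;
+ };
+ [0] { // Traps
+ } // end Traps
+ [0] { // Attributes
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ ;
+ { // Member at 0x018D
+ 0x0089; // access
+ #13; // name_cpx
+ #14; // sig_cpx
+ [1] { // Attributes
+ Attr(#30, 28) { // Code at 0x0195
+ 2; // max_stack
+ 2; // max_locals
+ Bytes[16]{
+ 0xBB001059B700114C;
+ 0xB200172BB6001DB1;
+ };
+ [0] { // Traps
+ } // end Traps
+ [0] { // Attributes
+ } // Attributes
+ } // end Code
+ } // Attributes
+ } // Member
+ } // methods
+
+ [0] { // Attributes
+ } // Attributes
+} // end class BadHelloWorld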
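--- /dev/null
+++ b/test/runtime/ClassFile/FormatCheckingTest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8148854
+ * @summary Ensure class name loaded by app class loader is format checked by default
+ * @library /testlibrary
+ * @compile BadHelloWorld.jcod
+ * @run main FormatCheckingTest
+ */
+
+import com.oracle.java.testlibrary.OutputAnalyzer;
+import com.oracle.java.testlibrary.ProcessTools;
+
+public class FormatCheckingTest {
+ public static void main(String args[]) throws Throwable {
+ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder("BadHelloWorld");
+ OutputAnalyzer output = new OutputAnalyzer(pb.start());
+ output.shouldContain("java.lang.ClassFormatError: Illegal class name");
+ output.shouldHaveExitValue(1);
+ }
+}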
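Review bot: The test exercises only the default-flag, app-class-loader path in `main`, so the cases where `relax_format_check_for` in classFileParser.cpp still relaxes the check (boot and ext loaders, or `BytecodeVerificationRemote` off) have no coverage and could change unnoticed. A comment above `main` would record that scope, for example `// Default flags, app class loader: constant #15 "LBadHelloWorld;" in BadHelloWorld.jcod must be rejected.` The test also has no positive control showing that a well-formed class still loads through the same launcher, which would help tell the intended `ClassFormatError` apart from an unrelated failure.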