On Fri, 15 Aug 2025 15:19:35 GMT, Guanqiang Han <g...@openjdk.org> wrote:
> Validate class name length immediately after GetStringUTFLength() in > Class.forName0. This prevents potential issues caused by overly long class > names before they reach later code that would reject them, throwing > ClassNotFoundException early. src/java.base/share/native/libjava/Class.c line 119: > 117: JNU_ThrowClassNotFoundException(env, msg); > 118: return 0; > 119: } I wonder if it's time to hoist these checks so that the checking is in a more discoverable place. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2279296271
