On Tue, 19 Aug 2025 13:10:31 GMT, ExE Boss <d...@openjdk.org> wrote:
>> Guanqiang Han has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains three additional
>> commits since the last revision:
>>
>> - move check into java side
>> - Merge remote-tracking branch 'upstream/master' into 8328874
>> - 8328874: Class::forName0 should validate the class name length early
>>
>> Validate class name length immediately after GetStringUTFLength() in
>> Class.forName0. This prevents potential issues caused by overly long class
>> names before they reach later code that would reject them, throwing
>> ClassNotFoundException early.
>
> src/java.base/share/classes/java/lang/Class.java line 4160:
>
>> 4158: private static boolean classNameLengthIsValid(String name) {
>> 4159: Objects.requireNonNull(name);
>> 4160: return name.length() <= JAVA_CLASSNAME_MAX_LEN;
>
> This check is incorrect, as the `JAVA_CLASSNAME_MAX_LEN` applies to the
> Modified UTF‑8 length, rather than the UTF‑16 length.
@ExE-Boss Good catch — you’re right, this should check the Modified UTF-8
length rather than the UTF-16 length. I have updated the implementation
accordingly,please take another look.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2285607194
