> ### Description > This PR proposes to update the `ClassLoader` implementation to properly guard > access to the provided `ByteBuffer` when defining a class using > `defineClass(String, ByteBuffer, ...)`. Specifically, calls to > `SharedSecrets.getJavaNioAccess().acquireSession(ByteBuffer)` and > `releaseSession(ByteBuffer)` have been introduced to ensure safe and > consistent buffer access throughout the native class definition process, even > in the case of a `ByteBuffer` is backed by a `MemorySegment`. > > ### Impact > This modification is internal to the `ClassLoader` implementation and does > not affect the public API. > Improves the robustness and security of class loading from buffers. > > ### Testing > Tier 1, 2, and 3 JDK tests pass on multiple platforms.
Per Minborg has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision: - Improve test - Merge branch 'master' into bb-defineclass - Add test - Update copyright year - Guard ClassLoader::defineClass2 ------------- Changes: - all: https://git.openjdk.org/jdk/pull/26724/files - new: https://git.openjdk.org/jdk/pull/26724/files/4e95baea..e6ad2a53 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=26724&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=26724&range=00-01 Stats: 23580 lines in 773 files changed: 12256 ins; 8196 del; 3128 mod Patch: https://git.openjdk.org/jdk/pull/26724.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26724/head:pull/26724 PR: https://git.openjdk.org/jdk/pull/26724
