On Tue, 26 Aug 2025 11:22:57 GMT, Per Minborg <pminb...@openjdk.org> wrote:
>> ### Description >> This PR proposes to update the `ClassLoader` implementation to properly >> guard access to the provided `ByteBuffer` when defining a class using >> `defineClass(String, ByteBuffer, ...)`. Specifically, calls to >> `SharedSecrets.getJavaNioAccess().acquireSession(ByteBuffer)` and >> `releaseSession(ByteBuffer)` have been introduced to ensure safe and >> consistent buffer access throughout the native class definition process, >> even in the case of a `ByteBuffer` is backed by a `MemorySegment`. >> >> ### Impact >> This modification is internal to the `ClassLoader` implementation and does >> not affect the public API. >> Improves the robustness and security of class loading from buffers. >> >> ### Testing >> Tier 1, 2, and 3 JDK tests pass on multiple platforms. > > Per Minborg has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains five additional > commits since the last revision: > > - Improve test > - Merge branch 'master' into bb-defineclass > - Add test > - Update copyright year > - Guard ClassLoader::defineClass2 Thank you Per for the update. This looks good to me. It would be good to run this change and the test in our CI once to be sure nothing unexpected fails. ------------- Marked as reviewed by jpai (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/26724#pullrequestreview-3158547486
