On Thu, 28 Aug 2025 03:59:40 GMT, Guanqiang Han <g...@openjdk.org> wrote:

>> Validate class name length immediately after GetStringUTFLength() in 
>> Class.forName0. This prevents potential issues caused by overly long class 
>> names before they reach later code that would reject them, throwing 
>> ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Update Class.java
>   
>   avoid the case of int overflow

src/java.base/share/classes/java/lang/Class.java line 4170:

> 4168:         // The check utfLen >= nameLen ensures we don't incorrectly return true in case of int overflow.
> 4169:         int utfLen = ModifiedUtf.utfLen(name, 0);
> 4170:         return utfLen <= JAVA_CLASSNAME_MAX_LEN && utfLen >= nameLen;

A typical overflow-conscious idiom is to subtract the unknown value from the 
known positive number and compare with 0.
Suggestion:

        int utfLen = ModifiedUtf.utfLen(name, 0);
        return JAVA_CLASSNAME_MAX_LEN - utfLen >= 0;

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2307490649
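
Added example, not part of the original message or of the JDK sources: a small Java program that evaluates the two forms of the check quoted above on modified UTF-8 lengths that have wrapped a 32-bit int, next to a length kept in a long. The value 65535 for JAVA_CLASSNAME_MAX_LEN, the class and method names, and the simulated name lengths are assumptions made for the illustration.

```java
public class UtfLenOverflowDemo {
    // Assumption: 65535, the largest length a class-file CONSTANT_Utf8 entry can hold.
    static final int JAVA_CLASSNAME_MAX_LEN = 65535;

    // Modified UTF-8 length with a long accumulator, so it cannot wrap for any String.
    static long modifiedUtfLen(CharSequence s) {
        long len = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            // U+0001..U+007F: 1 byte; U+0000 and U+0080..U+07FF: 2 bytes; the rest: 3 bytes
            len += (c >= 0x0001 && c <= 0x007F) ? 1 : (c <= 0x07FF) ? 2 : 3;
        }
        return len;
    }

    // Same expression as the quoted Class.java line 4170.
    static boolean rangeCheck(int utfLen, int nameLen) {
        return utfLen <= JAVA_CLASSNAME_MAX_LEN && utfLen >= nameLen;
    }

    // Same expression as the suggestion in the review comment.
    static boolean subtractCheck(int utfLen) {
        return JAVA_CLASSNAME_MAX_LEN - utfLen >= 0;
    }

    // Comparison on the unwrapped length (hypothetical helper for this example).
    static boolean longCheck(long trueLen) {
        return trueLen <= JAVA_CLASSNAME_MAX_LEN;
    }

    public static void main(String[] args) {
        String sample = "java.lang.String\u0000\u00e9\u20ac"; // constructed input
        System.out.println("sample length = " + modifiedUtfLen(sample));
        // Constructed cases: {name length in chars, encoded bytes per char}.
        // The huge names are simulated arithmetically instead of being allocated.
        long[][] cases = {
            {16, 1}, {70_000, 1}, {1_000_000_000, 3}, {2_000_000_000, 2}, {1_073_741_824, 2}
        };
        System.out.printf("%13s %13s %12s %6s %8s %5s%n",
                "nameLen", "trueLen", "asInt", "range", "subtract", "long");
        for (long[] c : cases) {
            int nameLen = (int) c[0];
            long trueLen = c[0] * c[1];
            int asInt = (int) trueLen; // what an int accumulator would end up holding
            System.out.printf("%13d %13d %12d %6b %8b %5b%n", nameLen, trueLen, asInt,
                    rangeCheck(asInt, nameLen), subtractCheck(asInt), longCheck(trueLen));
        }
    }
}
```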
