> In the `class` file format, a lot of the values are `u1` or `u2`; the > Class-File API consistently model them with `int`. However, the API does not, > in general, validate that int values passed to the factory methods are not > out of the bounds as defined in the class file format. This patch proposes to > add such validation for factory methods accepting such more narrow data, > prepared by examining all `int`-accepting methods in the Class-File API. > > I expect this to have a small compatibility impact - besides the -1 for the > minor version, there is no other places where most significant bits are ever > meaningful, and I special cased it and consistently fail fast for all other > OOB values, which always mean programmer errors. > > A CSR will be created soon as well.
Chen Liang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits: - New u2 central info stage - Merge branch 'master' of https://github.com/openjdk/jdk into fix/cf-u2-validation - Package-level information - Merge branch 'master' of https://github.com/openjdk/jdk into fix/cf-u2-validation - Fix style - 8361614: Missing sub-int value validation in the Class-File API ------------- Changes: https://git.openjdk.org/jdk/pull/26201/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26201&range=04 Stats: 693 lines in 43 files changed: 502 ins; 58 del; 133 mod Patch: https://git.openjdk.org/jdk/pull/26201.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26201/head:pull/26201 PR: https://git.openjdk.org/jdk/pull/26201
