On Tue, 8 Jul 2025 20:20:17 GMT, Chen Liang <li...@openjdk.org> wrote:
> In the `class` file format, a lot of the values are `u1` or `u2`; the > Class-File API consistently model them with `int`. However, the API does not, > in general, validate that int values passed to the factory methods are not > out of the bounds as defined in the class file format. This patch proposes to > add such validation for factory methods accepting such more narrow data, > prepared by examining all `int`-accepting methods in the Class-File API. > > I expect this to have a small compatibility impact - besides the -1 for the > minor version, there is no other places where most significant bits are ever > meaningful, and I special cased it and consistently fail fast for all other > OOB values, which always mean programmer errors. > > A CSR will be created soon as well. This pull request has now been integrated. Changeset: ae960772 Author: Chen Liang <li...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/ae9607725c8c6a1b2f2728dbb5f7993722497da7 Stats: 694 lines in 43 files changed: 503 ins; 58 del; 133 mod 8361614: Missing sub-int value validation in the Class-File API Reviewed-by: asotona ------------- PR: https://git.openjdk.org/jdk/pull/26201
