On Tue, 23 May 2023 12:54:20 GMT, Adam Sotona <asot...@openjdk.org> wrote:
> Classfile API allowed to generate Code attribute exceeding the 65k limit. No
> exception has been thrown during class generation and the class failed
> verification later during class loading.
> This patch adds Code size limit check throwing IllegalArgumentException.
> The patch also adds similar check for constant pool size limit to avoid
> generating a class file with corrupted constant pool.
> Two new tests are added to check response on oversized Code attribute and
> constant pool.
> `VerifierImpl` is extended to check Code attribute size as a part of class
> verification process.
>
> Please review.
>
> Thanks,
> Adam

src/java.base/share/classes/jdk/internal/classfile/impl/DirectCodeBuilder.java line 314:

> 312:
> 313:         int codeLength = curPc();
> 314:         if (codeLength >= 65536) {

Hello Adam, looking at the JVM spec, section 4.7.3 https://docs.oracle.com/javase/specs/jvms/se17/html/jvms-4.html#jvms-4.7.3, it states:

> The value of code_length must be greater than zero (as the code array must
> not be empty) and less than 65536.

Do you think this check then should also verify (and throw) if the codeLength <= 0?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/14100#discussion_r1203993221
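As an added example (not code from the PR or the JDK), a stand-alone checker that applies the JVMS 4.7.3 bounds quoted above, including the code_length > 0 case raised in the review, to an already compiled class file, so an empty or oversized Code attribute is rejected before the class is ever loaded. The class name `CodeLengthCheck` and its method names are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

/** Rejects a class file whose Code attributes violate JVMS 4.7.3 (0 < code_length < 65536). */
public final class CodeLengthCheck {

    public static void check(byte[] classFile) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(classFile));
        if (in.readInt() != 0xCAFEBABE) throw new IllegalArgumentException("not a class file");
        in.skipNBytes(4);                                   // minor_version, major_version
        int cpCount = in.readUnsignedShort();               // constant_pool_count is a u2, so at most 65535
        String[] utf8 = new String[cpCount];
        for (int i = 1; i < cpCount; i++) {                 // walk the pool only to resolve attribute names
            int tag = in.readUnsignedByte();
            switch (tag) {
                case 1 -> utf8[i] = in.readUTF();           // CONSTANT_Utf8: u2 length + modified UTF-8
                case 7, 8, 16, 19, 20 -> in.skipNBytes(2);  // Class, String, MethodType, Module, Package
                case 15 -> in.skipNBytes(3);                // MethodHandle
                case 3, 4, 9, 10, 11, 12, 17, 18 -> in.skipNBytes(4);
                case 5, 6 -> { in.skipNBytes(8); i++; }     // Long/Double occupy two pool slots
                default -> throw new IllegalArgumentException("unknown constant pool tag " + tag);
            }
        }
        in.skipNBytes(6);                                   // access_flags, this_class, super_class
        in.skipNBytes(2L * in.readUnsignedShort());         // interfaces[]
        checkMembers(in, utf8, false);                      // fields: attributes skipped
        checkMembers(in, utf8, true);                       // methods: Code attributes checked
    }

    private static void checkMembers(DataInputStream in, String[] utf8, boolean methods) throws IOException {
        int count = in.readUnsignedShort();
        for (int m = 0; m < count; m++) {
            in.skipNBytes(6);                               // access_flags, name_index, descriptor_index
            int attrCount = in.readUnsignedShort();
            for (int a = 0; a < attrCount; a++) {
                String name = utf8[in.readUnsignedShort()];
                long len = in.readInt() & 0xFFFFFFFFL;      // attribute_length is a u4
                if (methods && "Code".equals(name)) {
                    in.skipNBytes(4);                       // max_stack, max_locals
                    long codeLength = in.readInt() & 0xFFFFFFFFL;
                    if (codeLength == 0 || codeLength >= 65536)
                        throw new IllegalArgumentException("code_length out of range: " + codeLength);
                    in.skipNBytes(len - 8);                 // remainder of the Code attribute
                } else in.skipNBytes(len);
            }
        }
    }
}
```

Call `CodeLengthCheck.check(Files.readAllBytes(path))` on any class file you are about to define; a truncated file surfaces as `EOFException` and an out-of-range `code_length` as `IllegalArgumentException`.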