On Sun, 7 Sep 2025 14:50:56 GMT, Guanqiang Han <[email protected]> wrote:
>> Validate class name length immediately after GetStringUTFLength() in
>> Class.forName0. This prevents potential issues caused by overly long class
>> names before they reach later code that would reject them, throwing
>> ClassNotFoundException early.
>
> Guanqiang Han has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Use a different native method for testNative, since the implementation of
> forName has changed.
The production code looks good. Tests seem to be too reliant on the exact
exception message (which is deemed an antipattern sometimes) but I think we can
tweak those tests when they run into problems due to other changes later.
src/java.base/share/classes/java/lang/Class.java line 4162:
> 4160: if (!ModifiedUtf.isValidLengthInConstantPool(name)) {
> 4161: throw new ClassNotFoundException(
> 4162: "Class name length exceeds limit of " +
> ModifiedUtf.CONSTANT_POOL_UTF8_MAX_BYTES);
Suggestion:
"Class name length exceeds limit of " +
ModifiedUtf.CONSTANT_POOL_UTF8_MAX_BYTES + ": " + name);
-------------
Marked as reviewed by liach (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/26802#pullrequestreview-3194575026
PR Review Comment: https://git.openjdk.org/jdk/pull/26802#discussion_r2328827911
