On Fri, 17 Oct 2025 22:25:44 GMT, Benjamin Peterson <[email protected]> wrote:
>> Deep in the bowels of `System.loadLibrary`, `File.getCanonicalPath()` is >> called on the target library file before it is passed to the system library >> loading APIs. In JDK-8003887, `File.getCanonicalPath` was altered to resolve >> symlinks on Windows. This had unintended consequences for passing a symlink >> to `System.loadLibrary` on Windows. The underlying Windows `LoadLibrary` API >> inspects the file name passed to it and adds a `.dll` extension if the it is >> not already present. Thus, if `System.loadLibrary` was given a symlink to a >> file and that file didn't have a `.dll` extension, `LoadLibrary` try to load >> nonexistent file and fail. >> >> Fix this problem by appending a `.` to library paths in Windows' >> `os::dll_load`. This trailing dot inhibits `LoadLibrary`'s own appending >> behavior. > > Benjamin Peterson has updated the pull request with a new target base due to > a merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains 15 additional > commits since the last revision: > > - add test showing loading symlinked libraries with various combinations > - revert dll_load fix > - Merge branch 'master' into nativelibraries-fix > - add cast > - use os::malloc > - Merge branch 'master' into nativelibraries-fix > - fix compilation > - fix grammar > - add dot in os::dll_load rather than NativeLibraries.java > - Merge remote-tracking branch 'origin/master' into nativelibraries-fix > - ... and 5 more: https://git.openjdk.org/jdk/compare/ab30fa02...09de5608 Did any thoughts come back from security? ------------- PR Comment: https://git.openjdk.org/jdk/pull/24694#issuecomment-3540027643
