jdk-sandbox: comparison hotspot/src/share/vm/classfile/verifier.cpp

equal deleted inserted replaced

-:9927a9f16738
+:aa1cfd918c4f
 /*
-* Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 #include "logging/log.hpp"
 #define NOFAILOVER_MAJOR_VERSION                       51
 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
+#define MAX_ARRAY_DIMENSIONS 255
 // Access to external entry for VerifyClassCodes - old byte code verifier
 extern "C" {
 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
 st->print_cr("Verification for %s failed", klassName);
 }
 st->print_cr("End class verification for: %s", klassName);
 }
-bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
+bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
-HandleMark hm;
+HandleMark hm(THREAD);
 ResourceMark rm(THREAD);
 // Eagerly allocate the identity hash code for a klass. This is a fallout
 // from 6320749 and 8059924: hash code generator is not supposed to be called
 // during the safepoint, but it allows to sneak the hashcode in during
 return false; // use the existing exception
 } else if (exception_name == NULL) {
 return true; // verifcation succeeded
 } else { // VerifyError or ClassFormatError to be created and thrown
 ResourceMark rm(THREAD);
-instanceKlassHandle kls =
+Klass* kls =
 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 if (log_is_enabled(Debug, class, resolve)) {
-Verifier::trace_class_resolution(kls(), klass());
+Verifier::trace_class_resolution(kls, klass);
 }
-while (!kls.is_null()) {
+while (kls != NULL) {
 if (kls == klass) {
 // If the class being verified is the exception we're creating
 // or one of it's superclasses, we're in trouble and are going
 // to infinitely recurse when we try to initialize the exception.
 // So bail out here by throwing the preallocated VM error.
 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 THROW_MSG_(exception_name, exception_message, false);
 }
 }
-bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
+bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 Symbol* name = klass->name();
 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 // Can not verify the bytecodes for shared classes because they have
 // already been rewritten to contain constant pool cache indices,
 // which the verifier can't understand.
 // Shared classes shouldn't have stackmaps either.
-!klass()->is_shared() &&
+!klass->is_shared() &&
 // As of the fix for 4486457 we disable verification for all of the
 // dynamically-generated bytecodes associated with the 1.4
 // reflection implementation, not just those associated with
 // jdk/internal/reflect/SerializationConstructorAccessor.
 // Also for lambda generated code, gte jdk8
 (!is_reflect));
 }
 Symbol* Verifier::inference_verify(
-instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
+InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 JavaThread* thread = (JavaThread*)THREAD;
 JNIEnv *env = thread->jni_environment();
 void* verify_func = verify_byte_codes_fn();
 }
 // Methods in ClassVerifier
 ClassVerifier::ClassVerifier(
-instanceKlassHandle klass, TRAPS)
+InstanceKlass* klass, TRAPS)
 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
 _this_type = VerificationType::reference_type(klass->name());
 // Create list to hold symbols in reference area.
 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
 }
 }
 _message = ss.as_string();
 }
 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
+HandleMark hm(THREAD);
 // Get current loader and protection domain first.
 oop loader = current_class()->class_loader();
 oop protection_domain = current_class()->protection_domain();
 Klass* kls = SystemDictionary::resolve_or_fail(
 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
 true, THREAD);
 if (log_is_enabled(Debug, class, resolve)) {
-instanceKlassHandle cur_class = current_class();
+InstanceKlass* cur_class = InstanceKlass::cast(current_class());
-Verifier::trace_class_resolution(kls, cur_class());
+Verifier::trace_class_resolution(kls, cur_class);
 }
 return kls;
 }
-bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
+bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
 Klass* target_class,
 Symbol* field_name,
 Symbol* field_sig,
 bool is_method) {
 NoSafepointVerifier nosafepoint;
 }
 NOT_PRODUCT(aligned_bcp = NULL);  // no longer valid at this point
 }
 bool ClassVerifier::name_in_supers(
-Symbol* ref_name, instanceKlassHandle current) {
+Symbol* ref_name, InstanceKlass* current) {
 Klass* super = current->super();
 while (super != NULL) {
 if (super->name() == ref_name) {
 return true;
 }
 vmSymbols::object_initializer_name(),
 cp->signature_ref_at(bcs->get_index_u2()),
 Klass::find_overpass);
 // Do nothing if method is not found.  Let resolution detect the error.
 if (m != NULL) {
-instanceKlassHandle mh(THREAD, m->method_holder());
+InstanceKlass* mh = m->method_holder();
-if (m->is_protected() && !mh->is_same_class_package(_klass())) {
+if (m->is_protected() && !mh->is_same_class_package(_klass)) {
 bool assignable = current_type().is_assignable_from(
 objectref_type, this, true, CHECK_VERIFY(this));
 if (!assignable) {
 verify_error(ErrorContext::bad_type(bci,
 TypeOrigin::cp(new_class_index, objectref_type),
 return;
 }
 }
 bool ClassVerifier::is_same_or_direct_interface(
-instanceKlassHandle klass,
+InstanceKlass* klass,
 VerificationType klass_type,
 VerificationType ref_class_type) {
 if (ref_class_type.equals(klass_type)) return true;
 Array<Klass*>* local_interfaces = klass->local_interfaces();
 if (local_interfaces != NULL) {
 cp_index_to_type(index, cp, CHECK_VERIFY(this));
 int length;
 char* arr_sig_str;
 if (component_type.is_array()) {     // it's an array
 const char* component_name = component_type.name()->as_utf8();
+// Check for more than MAX_ARRAY_DIMENSIONS
+length = (int)strlen(component_name);
+if (length > MAX_ARRAY_DIMENSIONS &&
+component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
+verify_error(ErrorContext::bad_code(bci),
+"Illegal anewarray instruction, array has more than 255 dimensions");
+}
 // add one dimension to component
-length = (int)strlen(component_name) + 1;
+length++;
 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
 arr_sig_str[0] = '[';
 strncpy(&arr_sig_str[1], component_name, length - 1);
 } else {         // it's an object or interface
 const char* component_name = component_type.name()->as_utf8();

changeset 46554	aa1cfd918c4f
parent 46403	f2b91b928476
child 46620	750c6edff33b