8132904: Type checking verifier fails to reject assignment from array to an interface
Summary: Only allow assignment if interface is Cloneable or Serializable.
Reviewed-by: kamg, gtriantafill, jiangli
--- a/hotspot/src/share/vm/classfile/verificationType.cpp Thu Sep 17 16:07:06 2015 +0200
+++ b/hotspot/src/share/vm/classfile/verificationType.cpp Fri Sep 18 07:01:23 2015 -0400
@@ -70,9 +70,12 @@
if (this_class->is_interface() && (!from_field_is_protected ||
from.name() != vmSymbols::java_lang_Object())) {
// If we are not trying to access a protected field or method in
- // java.lang.Object then we treat interfaces as java.lang.Object,
- // including java.lang.Cloneable and java.io.Serializable.
- return true;
+ // java.lang.Object then, for arrays, we only allow assignability
+ // to interfaces java.lang.Cloneable and java.io.Serializable.
+ // Otherwise, we treat interfaces as java.lang.Object.
+ return !from.is_array() ||
+ this_class == SystemDictionary::Cloneable_klass() ||
+ this_class == SystemDictionary::Serializable_klass();
} else if (from.is_object()) {
Klass* from_class = SystemDictionary::resolve_or_fail(
from.name(), Handle(THREAD, klass->class_loader()),