8160455: KSS : class.forName issue in TIFFImageMetadata.java
authorjdv
Tue, 09 Aug 2016 13:55:27 +0530
changeset 40433 d0e7204495dc
parent 40432 6a878eae7459
child 40434 49d6193f196f
8160455: KSS : class.forName issue in TIFFImageMetadata.java Reviewed-by: prr, bpb, serb
jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/tiff/TIFFImageMetadata.java
--- a/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/tiff/TIFFImageMetadata.java	Tue Aug 09 13:45:17 2016 +0530
+++ b/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/tiff/TIFFImageMetadata.java	Tue Aug 09 13:55:27 2016 +0530
@@ -1465,8 +1465,14 @@
                 String className = st.nextToken();
 
                 Object o = null;
+                Class<?> setClass = null;
                 try {
-                    Class<?> setClass = Class.forName(className);
+                    ClassLoader cl = TIFFImageMetadata.class.getClassLoader();
+                    setClass = Class.forName(className, false, cl);
+                    if (!TIFFTagSet.class.isAssignableFrom(setClass)) {
+                        fatal(node, "TagSets in IFD must be subset of"
+                                + " TIFFTagSet class");
+                    }
                     Method getInstanceMethod =
                         setClass.getMethod("getInstance", (Class[])null);
                     o = getInstanceMethod.invoke(null, (Object[])null);