8160455: KSS : class.forName issue in TIFFImageMetadata.java
Reviewed-by: prr, bpb, serb
--- a/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/tiff/TIFFImageMetadata.java Tue Aug 09 13:45:17 2016 +0530
+++ b/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/tiff/TIFFImageMetadata.java Tue Aug 09 13:55:27 2016 +0530
@@ -1465,8 +1465,14 @@
String className = st.nextToken();
Object o = null;
+ Class<?> setClass = null;
try {
- Class<?> setClass = Class.forName(className);
+ ClassLoader cl = TIFFImageMetadata.class.getClassLoader();
+ setClass = Class.forName(className, false, cl);
+ if (!TIFFTagSet.class.isAssignableFrom(setClass)) {
+ fatal(node, "TagSets in IFD must be subset of"
+ + " TIFFTagSet class");
+ }
Method getInstanceMethod =
setClass.getMethod("getInstance", (Class[])null);
o = getInstanceMethod.invoke(null, (Object[])null);