Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8202135

Class.getMethod() trusts String value

    Details

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Linux 64bit, jdk1.8.0_172


      A DESCRIPTION OF THE PROBLEM :
      When getMethod is invoked with a String object which null for it's value field, the runtime crashes.

      REGRESSION : Last worked in version 8u172

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Munge a string's value field to null. Invoke getMethod with that string as the parameter.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      NullPointerException as in Java 9
      ACTUAL -
      Crash, core dump

      ---------- BEGIN SOURCE ----------
      import java.lang.reflect.Constructor;
      import java.lang.reflect.Method;
      import java.lang.reflect.*;


      public class Bug {

          String f;

          public static void main(String[] args) throws Exception {
              Bug b = new Bug();
              b.f = (String) mungedString();
              b.trigger();

          }

          public void trigger() throws Exception {
              Method m = Runtime.class.getMethod(f, new Class[]{String.class});

          }


           static Object mungedString() throws Exception {
            Field[] fields = String.class.getDeclaredFields();
            Field field = null;
            for(Field f: fields) {
                if (f.getName().equals("value"))
                    field = f;
            }
            field.setAccessible(true);

            Field modifiersField = Field.class.getDeclaredField("modifiers");
            modifiersField.setAccessible(true);
            modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
            Object s = new String();
           field.set(s, null);
            return s;

         }

      }

      ---------- END SOURCE ----------

      FREQUENCY : always


        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: