JDK-8223730

URLClassLoader.findClass() can throw IndexOutOfBoundsException

    Details

    • Subcomponent:
    • Resolved In Build:
      b21
    • Verification:
      Not verified

      Description

      It is possible to make URLClassLoader.findClass() throw an unexpected IndexOutOfBoundsException.

      This is because jdk.internal.loader.Resource.getBytes() fails to handle integer overflow when allocating memory.

      Here's a simple reproducer:

      $ touch LARGE.class
      $ truncate -s 2147483647 LARGE.class
      $ jar -c -f JAR.jar LARGE.class
      $ javac POC.java
      $ java -Xms5G POC
      Exception in thread "main" java.lang.IndexOutOfBoundsException
          at java.base/java.util.zip.InflaterInputStream.read(InflaterInputStream.java:147)
          at java.base/jdk.internal.loader.Resource.getBytes(Resource.java:124)
          at java.base/java.net.URLClassLoader.defineClass(URLClassLoader.java:510)
          at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:423)
          at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:417)
          at java.base/java.security.AccessController.doPrivileged(AccessController.java:690)
          at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:416)
          at MyCL.<init>(POC.java:13)
          at POC.main(POC.java:6)


      where POC.java is:
      ----------------
      import java.net.*;
      import java.io.*;

      public class POC {
          public static void main(String[] args) throws Throwable {
              var cl = new MyCL();
          }
      }

      class MyCL extends URLClassLoader {
          public MyCL() throws Throwable {
              super(new URL[] {new URL("file:JAR.jar")});
              findClass("LARGE");
          }
      }
      ----------------

      The expected exception here would be either OutOfMemoryError or ClassFormatError.
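
Added illustration, not part of the issue and not the source of jdk.internal.loader.Resource: a sketch of how an unchecked size computation in a chunked read loop can produce a negative length that read() rejects with IndexOutOfBoundsException, next to a checked form that raises OutOfMemoryError, one of the two outcomes the report expects. The class name, `CHUNK`, `MAX_ARRAY`, `uncheckedRequest`, `checkedRequest` and the loop shape are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;

// Added illustration; the names and the growth policy are assumptions, not JDK code.
public class GrowOverflowDemo {
    static final int CHUNK = 1024;                       // assumed growth step
    static final int MAX_ARRAY = Integer.MAX_VALUE - 8;  // assumed array-size ceiling

    // Unchecked: capacity + CHUNK wraps negative once capacity > Integer.MAX_VALUE - CHUNK.
    static int uncheckedRequest(int capacity, int pos, int len) {
        return Math.min(len - pos, capacity + CHUNK);
    }

    // Checked: do the arithmetic in long and refuse sizes no array can hold.
    static int checkedRequest(int capacity, int pos, int len) {
        long request = Math.min((long) len - pos, (long) capacity + CHUNK);
        if (pos + request > MAX_ARRAY) {
            throw new OutOfMemoryError("Required array size too large: " + (pos + request));
        }
        return (int) request;
    }

    public static void main(String[] args) throws Exception {
        // Constructed state: declared length 2147483647 (the size of LARGE.class in the
        // reproducer), buffer already full and within CHUNK bytes of Integer.MAX_VALUE.
        int len = Integer.MAX_VALUE, pos = len - 512, capacity = pos;
        int bad = uncheckedRequest(capacity, pos, len);
        System.out.println("unchecked request = " + bad);
        InputStream in = new ByteArrayInputStream(new byte[16]);
        try {
            in.read(new byte[16], 0, bad);  // small stand-in buffer; a negative length is rejected
        } catch (IndexOutOfBoundsException e) {
            System.out.println("read() rejected it: " + e);
        }
        try {
            checkedRequest(capacity, pos, len);
        } catch (OutOfMemoryError e) {
            System.out.println("checked path: " + e);
        }
        System.out.println("normal case request = " + checkedRequest(0, 0, 4096));
    }
}
```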

            People

            • Assignee:
              igerasim Ivan Gerasimov
            • Reporter:
              igerasim Ivan Gerasimov