diff --git a/hotspot/src/share/vm/classfile/classFileParser.cpp b/hotspot/src/share/vm/classfile/classFileParser.cpp index 30262696a8c..13c8ce71e9e 100644 --- a/hotspot/src/share/vm/classfile/classFileParser.cpp +++ b/hotspot/src/share/vm/classfile/classFileParser.cpp @@ -5402,6 +5402,17 @@ void ClassFileParser::fill_instance_klass(InstanceKlass* ik, bool changed_by_loa debug_only(ik->verify();) } +static bool relax_format_check_for(ClassLoaderData* loader_data) { + bool trusted = (loader_data->is_the_null_class_loader_data() || + SystemDictionary::is_platform_class_loader(loader_data->class_loader())); + bool need_verify = + // verifyAll + (BytecodeVerificationLocal && BytecodeVerificationRemote) || + // verifyRemote + (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); + return !need_verify; +} + ClassFileParser::ClassFileParser(ClassFileStream* stream, Symbol* name, ClassLoaderData* loader_data, @@ -5490,7 +5501,7 @@ ClassFileParser::ClassFileParser(ClassFileStream* stream, // Check if verification needs to be relaxed for this class file // Do not restrict it to jdk1.0 or jdk1.1 to maintain backward compatibility (4982376) - _relax_verify = Verifier::relax_verify_for(_loader_data->class_loader()); + _relax_verify = relax_format_check_for(_loader_data); parse_stream(stream, CHECK); diff --git a/hotspot/src/share/vm/classfile/verifier.cpp b/hotspot/src/share/vm/classfile/verifier.cpp index c0976d55d4b..2194859c30c 100644 --- a/hotspot/src/share/vm/classfile/verifier.cpp +++ b/hotspot/src/share/vm/classfile/verifier.cpp @@ -88,7 +88,7 @@ bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { BytecodeVerificationLocal : BytecodeVerificationRemote; } -bool Verifier::relax_verify_for(oop loader) { +bool Verifier::relax_access_for(oop loader) { bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); bool need_verify = // verifyAll diff --git a/hotspot/src/share/vm/classfile/verifier.hpp b/hotspot/src/share/vm/classfile/verifier.hpp index a613c62a3d5..f4c00eb9b1d 100644 --- a/hotspot/src/share/vm/classfile/verifier.hpp +++ b/hotspot/src/share/vm/classfile/verifier.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -58,8 +58,8 @@ class Verifier : AllStatic { // -Xverify:all/none override this value static bool should_verify_for(oop class_loader, bool should_verify_class); - // Relax certain verifier checks to enable some broken 1.1 apps to run on 1.2. - static bool relax_verify_for(oop class_loader); + // Relax certain access checks to enable some broken 1.1 apps to run on 1.2. + static bool relax_access_for(oop class_loader); // Print output for class+resolve static void trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class); diff --git a/hotspot/src/share/vm/runtime/reflection.cpp b/hotspot/src/share/vm/runtime/reflection.cpp index 7b2753e516f..ae574a4edbf 100644 --- a/hotspot/src/share/vm/runtime/reflection.cpp +++ b/hotspot/src/share/vm/runtime/reflection.cpp @@ -446,7 +446,7 @@ static bool can_relax_access_check_for(const Klass* accessor, (accessor_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION && accessee_ik->major_version() < Verifier::STRICTER_ACCESS_CTRL_CHECK_VERSION)) { return classloader_only && - Verifier::relax_verify_for(accessor_ik->class_loader()) && + Verifier::relax_access_for(accessor_ik->class_loader()) && accessor_ik->protection_domain() == accessee_ik->protection_domain() && accessor_ik->class_loader() == accessee_ik->class_loader(); } diff --git a/hotspot/test/runtime/ClassFile/BadHelloWorld.jcod b/hotspot/test/runtime/ClassFile/BadHelloWorld.jcod new file mode 100644 index 00000000000..9b984e602d6 --- /dev/null +++ b/hotspot/test/runtime/ClassFile/BadHelloWorld.jcod @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * This file fuzzes the class name #15 to have a leading 'L' and ending ';'. + */ + +class BadHelloWorld { + 0xCAFEBABE; + 0; // minor version + 52; // version + [31] { // Constant Pool + ; // first element is empty + Utf8 "BadHelloWorld"; // #1 at 0x0A + class #1; // #2 at 0x1A + Utf8 "java/lang/Object"; // #3 at 0x1D + class #3; // #4 at 0x30 + Utf8 ""; // #5 at 0x33 + Utf8 "()V"; // #6 at 0x3C + NameAndType #5 #6; // #7 at 0x42 + Method #4 #7; // #8 at 0x47 + Utf8 "toString"; // #9 at 0x4C + Utf8 "()Ljava/lang/String;"; // #10 at 0x57 + Utf8 "Hello, world!"; // #11 at 0x6E + String #11; // #12 at 0x7E + Utf8 "main"; // #13 at 0x81 + Utf8 "([Ljava/lang/String;)V"; // #14 at 0x88 + Utf8 "LBadHelloWorld;"; // #15 at 0xA1 + class #15; // #16 at 0xB3 + Method #16 #7; // #17 at 0xB6 + Utf8 "java/lang/System"; // #18 at 0xBB + class #18; // #19 at 0xCE + Utf8 "out"; // #20 at 0xD1 + Utf8 "Ljava/io/PrintStream;"; // #21 at 0xD7 + NameAndType #20 #21; // #22 at 0xEF + Field #19 #22; // #23 at 0xF4 + Utf8 "java/io/PrintStream"; // #24 at 0xF9 + class #24; // #25 at 0x010F + Utf8 "println"; // #26 at 0x0112 + Utf8 "(Ljava/lang/Object;)V"; // #27 at 0x011C + NameAndType #26 #27; // #28 at 0x0134 + Method #25 #28; // #29 at 0x0139 + Utf8 "Code"; // #30 at 0x013E + } // Constant Pool + + 0x0021; // access + #2;// this_cpx + #4;// super_cpx + + [0] { // Interfaces + } // Interfaces + + [0] { // fields + } // fields + + [3] { // methods + { // Member at 0x0151 + 0x0001; // access + #5; // name_cpx + #6; // sig_cpx + [1] { // Attributes + Attr(#30, 17) { // Code at 0x0159 + 1; // max_stack + 1; // max_locals + Bytes[5]{ + 0x2AB70008B1; + }; + [0] { // Traps + } // end Traps + [0] { // Attributes + } // Attributes + } // end Code + } // Attributes + } // Member + ; + { // Member at 0x0170 + 0x0001; // access + #9; // name_cpx + #10; // sig_cpx + [1] { // Attributes + Attr(#30, 15) { // Code at 0x0178 + 1; // max_stack + 1; // max_locals + Bytes[3]{ + 0x120CB0; + }; + [0] { // Traps + } // end Traps + [0] { // Attributes + } // Attributes + } // end Code + } // Attributes + } // Member + ; + { // Member at 0x018D + 0x0089; // access + #13; // name_cpx + #14; // sig_cpx + [1] { // Attributes + Attr(#30, 28) { // Code at 0x0195 + 2; // max_stack + 2; // max_locals + Bytes[16]{ + 0xBB001059B700114C; + 0xB200172BB6001DB1; + }; + [0] { // Traps + } // end Traps + [0] { // Attributes + } // Attributes + } // end Code + } // Attributes + } // Member + } // methods + + [0] { // Attributes + } // Attributes +} // end class BadHelloWorld diff --git a/hotspot/test/runtime/ClassFile/FormatCheckingTest.java b/hotspot/test/runtime/ClassFile/FormatCheckingTest.java new file mode 100644 index 00000000000..243f00f2cf1 --- /dev/null +++ b/hotspot/test/runtime/ClassFile/FormatCheckingTest.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8148854 + * @summary Ensure class name loaded by app class loader is format checked by default + * @library /test/lib + * @compile BadHelloWorld.jcod + * @modules java.base/jdk.internal.misc + * java.management + * @run main FormatCheckingTest + */ + +import jdk.test.lib.process.OutputAnalyzer; +import jdk.test.lib.process.ProcessTools; + +public class FormatCheckingTest { + public static void main(String args[]) throws Throwable { + ProcessBuilder pb = ProcessTools.createJavaProcessBuilder("BadHelloWorld"); + OutputAnalyzer output = new OutputAnalyzer(pb.start()); + output.shouldContain("java.lang.ClassFormatError: Illegal class name"); + output.shouldHaveExitValue(1); + } +}