8222895: StackOverflowError in custom security manager that relies on ClassSpecializer

Reviewed-by: alanb
2025-08-28 07:14:30 +02:00 · 2019-05-02 10:38:00 +02:00 · 2019-05-02 10:38:00 +02:00 · c23dc4dfcf
commit c23dc4dfcf
parent b3f4ca4563
3 changed files with 36 additions and 20 deletions
--- a/make/jdk/src/classes/build/tools/classlist/HelloClasslist.java
+++ b/make/jdk/src/classes/build/tools/classlist/HelloClasslist.java
@ -72,6 +72,8 @@ public class HelloClasslist {
        String SC     = String.valueOf(args.length) + "string";
        String SCS    = String.valueOf(args.length) + "string" + String.valueOf(args.length);
        String CSS    = "string" + String.valueOf(args.length) + String.valueOf(args.length);
+        String CSC    = "string" + String.valueOf(args.length) + "string";
+        String SSC    = String.valueOf(args.length) + String.valueOf(args.length) + "string";
        String CSCS   = "string" + String.valueOf(args.length) + "string" + String.valueOf(args.length);
        String SCSC   = String.valueOf(args.length) + "string" + String.valueOf(args.length) + "string";
        String CSCSC  = "string" + String.valueOf(args.length) + "string" + String.valueOf(args.length) + "string";
--- a/src/java.base/share/classes/java/lang/invoke/ClassSpecializer.java
+++ b/src/java.base/share/classes/java/lang/invoke/ClassSpecializer.java
@ -25,6 +25,7 @@

 package java.lang.invoke;

+import jdk.internal.access.SharedSecrets;
 import jdk.internal.loader.BootLoader;
 import jdk.internal.org.objectweb.asm.ClassWriter;
 import jdk.internal.org.objectweb.asm.FieldVisitor;
@ -37,6 +38,7 @@ import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@ -575,19 +577,19 @@ abstract class ClassSpecializer<T,K,S extends ClassSpecializer<T,K,S>.SpeciesDat

            // load class
            InvokerBytecodeGenerator.maybeDump(classBCName(className), classFile);
-            Class<?> speciesCode;
-
-            MethodHandles.Lookup lookup = IMPL_LOOKUP.in(topClass());
-            speciesCode = AccessController.doPrivileged(new PrivilegedAction<>() {
+            ClassLoader cl = topClass.getClassLoader();
+            ProtectionDomain pd = null;
+            if (cl != null) {
+                pd = AccessController.doPrivileged(
+                        new PrivilegedAction<>() {
                            @Override
-                public Class<?> run() {
-                    try {
-                        return lookup.defineClass(classFile);
-                    } catch (Exception ex) {
-                        throw newInternalError(ex);
-                    }
+                            public ProtectionDomain run() {
+                                return topClass().getProtectionDomain();
                            }
                        });
+            }
+            Class<?> speciesCode = SharedSecrets.getJavaLangAccess()
+                    .defineClass(cl, className, classFile, pd, "_ClassSpecializer_generateConcreteSpeciesCode");
            return speciesCode.asSubclass(topClass());
        }

--- a/test/jdk/java/lang/String/concat/WithSecurityManager.java
+++ b/test/jdk/java/lang/String/concat/WithSecurityManager.java
@ -26,7 +26,7 @@ import java.security.Permission;
 /**
 * @test
 * @summary String concatenation fails with a custom SecurityManager that uses concatenation
- * @bug 8155090 8158851
+ * @bug 8155090 8158851 8222895
 * @requires !vm.graal.enabled
 *
 * @compile WithSecurityManager.java
@ -55,12 +55,17 @@ public class WithSecurityManager {
                @Override
                public void checkPermission(Permission perm) {
                    String abc = "abc";
-                    String full = abc + "def";
+                    int ival = perm.hashCode();
+                    String full = abc + "abc";
+                    // Contorted to avoid sweeping cases where we've
+                    // pre-generated commonly used species under the rug
+                    full = "abc" + ival + "def" + abc + "def" + abc + "def" +
+                           abc + "def" + ival + "def" + abc + "def" +
+                           abc + "def" + abc + "def" + abc + "def";
                }
            };
            System.setSecurityManager(sm);
-            ClassLoader cl = new ClassLoader() {
-            };
+            ClassLoader cl = new ClassLoader() {};
        }

        // Second time should succeed to run after bootstrapping
@ -69,12 +74,19 @@ public class WithSecurityManager {
                @Override
                public void checkPermission(Permission perm) {
                    String abc = "abc";
-                    String full = abc + "def";
+                    int ival = perm.hashCode();
+                    String full = abc + "abc";
+                    // Contorted variant to avoid sweeping cases where we've
+                    // pre-generated commonly used species under the rug
+                    full = "abc" + ival + "def" + abc + "def" + abc + "def" +
+                            abc + "def" + ival + "def" + abc + "def" +
+                            abc + "def" + abc + "def" + abc + "def";
                }
            };
+
+            // Provoke checkPermission invocation
            System.setSecurityManager(sm);
-            ClassLoader cl = new ClassLoader() {
-            };
+            ClassLoader cl = new ClassLoader() {};
        }
    }
 }