-
Bug
-
Resolution: Fixed
-
P2
-
8u20, 9
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8056667 | emb-9 | Unassigned | P2 | Resolved | Fixed | b26 |
JDK-8063521 | 8u45 | Goetz Lindenmaier | P2 | Resolved | Fixed | b01 |
JDK-8051913 | 8u40 | Goetz Lindenmaier | P2 | Resolved | Fixed | b01 |
JDK-8054130 | 8u31 | Goetz Lindenmaier | P2 | Resolved | Fixed | b01 |
JDK-8052373 | 8u25 | Goetz Lindenmaier | P2 | Resolved | Fixed | b10 |
JDK-8051816 | 8u20 | Vladimir Kozlov | P2 | Closed | Fixed | b25 |
JDK-8070805 | emb-8u47 | Goetz Lindenmaier | P2 | Resolved | Fixed | team |
JDK-8053295 | emb-8u26 | Goetz Lindenmaier | P2 | Resolved | Fixed | b17 |
Precondition:
-------------
Consider the following class hierarchy:
A
/ \
B1 B2
A declares a field "aa" which both B1 and B2 inherit.
Despite aa is declared in a super class of B1, methods in B1 might not access the field aa of an object of class B2:
class B1 extends A {
m(B2 b2) {
...
x = b2.aa; // !!! Access not allowed
}
}
This is checked by the test mentioned above.
Problem:
--------
ciField::will_link() used by C1 and C2 does the access check using the canonical_holder (which is A in this case) and thus the access erroneously succeeds.
Fix:
----
In ciField::ciField(), just before the canonical holder is stored into the _holder variable (and which is used by ciField::will_link()) perform an additional access check with the holder declared in the class file. If this check fails, store the declared holder instead and ciField::will_link() will bail out compilation for this field later on. Then, the interpreter will throw an PrivilegedAccessException at runtime.
Ways to reproduce:
------------------
Run the above JCK test with
C2 only: -XX:-TieredCompilation -Xbatch -Xcomp
or
with C1: -XX:-Inline -Xbatch -Xcomp
Evaluation
---------------
We consider this fix critical as access control is broken. Fields can be accessed errornously.
- backported by
-
JDK-8051913 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8052373 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8053295 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8054130 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8056667 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8063521 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8070805 Fix bad field access check in C1 and C2
- Resolved
-
JDK-8051816 Fix bad field access check in C1 and C2
- Closed