JDK-8146625

OverloadedDynamicMethod has unused ClassLoader field that can be removed.


    • b101
    • generic
    • generic

The constructor of the jdk.internal.dynalink.beans.OverloadedDynamicMethod class calls Class.getClassLoader without a doPrivileged block around it. While this does not usually cause any failure, it can cause problems. In most cases, the extension loader (the loader of dynalink) is in the parent chain of most classes, and so the c.getClassLoader() call without doPrivileged is fine. But there is a possibility that a Class is loaded by a loader that does not have the extension loader in its parent chain. In such a case, dynalink will try to get the ClassLoader and a security check will be performed. Depending on the caller chain, this will fail!

            sundar Sundararajan Athijegannathan
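The privilege pattern the description refers to, as an added example (not code from the JDK or Dynalink; `LoaderChecks` and its method names are hypothetical). It shows the unprivileged `getClassLoader()` call next to a `doPrivileged` form that keeps the whole loader walk inside the privileged block and returns only a boolean.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration: class and method names are hypothetical, not Dynalink code.
public final class LoaderChecks {
    private LoaderChecks() {}

    // Unprivileged form, as in the report. With a SecurityManager installed,
    // Class.getClassLoader() demands RuntimePermission("getClassLoader") from
    // the calling context unless the immediate caller's loader is the same as,
    // or an ancestor of, clazz's loader. A less-trusted frame further up the
    // stack then turns the call into a SecurityException.
    static ClassLoader loaderUnprivileged(Class<?> clazz) {
        return clazz.getClassLoader();
    }

    // Privileged form. The permission check stops at this frame, so frames
    // above it are not consulted. ClassLoader.getParent() is subject to the
    // same check, so the whole walk stays inside the block, and only a boolean
    // leaves it: the loader reference is never handed to callers.
    @SuppressWarnings("removal") // AccessController is deprecated since JDK 17
    static boolean hasInLoaderChain(Class<?> clazz, ClassLoader expected) {
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) () -> {
            for (ClassLoader cl = clazz.getClassLoader(); cl != null; cl = cl.getParent()) {
                if (cl == expected) {
                    return true;
                }
            }
            // null stands for the bootstrap loader, the root of every chain
            return expected == null;
        });
    }

    public static void main(String[] args) {
        ClassLoader app = ClassLoader.getSystemClassLoader();
        System.out.println(hasInLoaderChain(LoaderChecks.class, app));
        System.out.println(hasInLoaderChain(String.class, app));
        System.out.println(loaderUnprivileged(LoaderChecks.class) == app);
    }
}
```

Without a SecurityManager installed both forms behave identically; the difference only appears when a permission check actually runs against the call stack.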