-
Bug
-
Resolution: Fixed
-
P2
-
9
-
b117
-
Verified
Lets say we have a custom security manager that uses string concatenation (+) inside the method checkPermission(Permission).
When we call the method that does permission checking, it throws a java.lang.BootstrapMethodError.
Minimized test:
-----------------------------------------
SecurityManager sm = new SecurityManager() {
@Override
public void checkPermission(Permission perm) {
String abc = "abc";
String full = abc + "def";
}
};
System.setSecurityManager(sm);
ClassLoader cl = new ClassLoader() {};
}
-----------------------------------------
Interesting that the spec for j.l.String says the following regarding concatenation:
"The Java language provides special support for the string concatenation operator ( + ), ... String concatenation is implemented through the StringBuilder(or StringBuffer) class and its append method."
However, if we will replace {abc + "def"} with {new StringBuffer().append(abc).append("def").toString()}, the exception won't be thrown.
Reproduced with jdk9b104 and later.
When we call the method that does permission checking, it throws a java.lang.BootstrapMethodError.
Minimized test:
-----------------------------------------
SecurityManager sm = new SecurityManager() {
@Override
public void checkPermission(Permission perm) {
String abc = "abc";
String full = abc + "def";
}
};
System.setSecurityManager(sm);
ClassLoader cl = new ClassLoader() {};
}
-----------------------------------------
Interesting that the spec for j.l.String says the following regarding concatenation:
"The Java language provides special support for the string concatenation operator ( + ), ... String concatenation is implemented through the StringBuilder(or StringBuffer) class and its append method."
However, if we will replace {abc + "def"} with {new StringBuffer().append(abc).append("def").toString()}, the exception won't be thrown.
Reproduced with jdk9b104 and later.
- relates to
-
JDK-8155659 Bootstrapping issues with lambdas in custom SecurityManager
-
- Closed
-
-
JDK-8222895 StackOverflowError in custom security manager that relies on ClassSpecializer
-
- Closed
-
-
JDK-8158851 MH.publicLookup() init circularity, triggered by custom SecurityManager with String concat and -limitmods java.base
-
- Closed
-