Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8157464

Disallow StackWalker.getCallerClass() be called by caller-sensitive method

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 9
    • 9
    • core-libs
    • b138
    • Verified

      StackWalker.getCallerClass() skips all @Hidden & java.lang.invoke methods when looking for caller. If a library uses SW.gCC to implement caller-sensitive logic, it can cause problems.

      java.lang.invoke, when constructing a method handle for @CallerSensitive method, binds it to lookup context by attaching a VMAC w/ lookup class as a host class (see [1] for details). During invocation, it puts a @Hidden frame on stack which represents original caller context.

      SW.gCC() filters out that frame, so a library sees the caller of method handle instead.

      For example, in methodHandleGetCallerClass() [2] if a method handle leaks and it is invoked from another context, the bound context will be ignored if SW.gCC is used (R.gCC correctly returns the class MH is bound to).

      Reflection.getCallerClass() is more conservative when filtering frames [3].

      [1] http://hg.openjdk.java.net/jdk9/dev/jdk/file/248c2f34cc1f/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java#l1167

      [2] http://hg.openjdk.java.net/jdk9/dev/jdk/file/248c2f34cc1f/test/java/lang/StackWalker/GetCallerClassTest.java#l129

      [3] http://hg.openjdk.java.net/jdk9/jdk9/hotspot/file/e3ca323dfe1b/src/share/vm/oops/method.cpp#l1122:

            mchung Mandy Chung (Inactive)
            vlivanov Vladimir Ivanov
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: