-
Bug
-
Resolution: Fixed
-
P4
-
17, 18
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8298483 | 17.0.7-oracle | Calvin Cheung | P4 | Resolved | Fixed | b01 |
JDK-8296522 | 17.0.6 | Aleksey Shipilev | P4 | Resolved | Fixed | b02 |
javaClasses.cpp:
bool java_lang_System::allow_security_manager() {
static int initialized = false;
static bool allowed = true; // default
if (!initialized) {
oop base = vmClasses::System_klass()->static_field_base_raw();
int never = base->int_field(_static_never_offset);
allowed = (base->int_field(_static_allow_security_offset) != never);
}
return allowed;
}
We never set `initialized` to true, so every call to allow_security_manager() re-reads the System class field.
bool java_lang_System::allow_security_manager() {
static int initialized = false;
static bool allowed = true; // default
if (!initialized) {
oop base = vmClasses::System_klass()->static_field_base_raw();
int never = base->int_field(_static_never_offset);
allowed = (base->int_field(_static_allow_security_offset) != never);
}
return allowed;
}
We never set `initialized` to true, so every call to allow_security_manager() re-reads the System class field.
- backported by
-
JDK-8296522 java_lang_System::allow_security_manager() doesn't set its initialization flag
- Resolved
-
JDK-8298483 java_lang_System::allow_security_manager() doesn't set its initialization flag
- Resolved
- relates to
-
JDK-8195744 Avoid calling ClassLoader.checkPackageAccess if security manager is not installed
- Resolved
- links to
-
Commit openjdk/jdk17u-dev/a61b74e2
-
Commit openjdk/jdk/08f0be83
-
Review openjdk/jdk17u-dev/843
-
Review openjdk/jdk/5268
(2 links to)