-
Bug
-
Resolution: Unresolved
-
P4
-
24
-
None
ClassLoader.setSigners can be called by code in ClassLoader implementations to set the signers for any Class. This should be re-examined as it doesn't make sense to allow a ClassLoader implementation set the signers for classes that have other defining class loaders.
ClassLoader.setSigners doesn't make a defensive copy of the signers. There is no synchronisation between a class loader that changes signers at around the same time that Class::getSigners is called.
ClassLoader.setSigners spec is missing several points. It doesn't specify that it ignores array classes or class objects for primitives. It doesn't say anything about the elements that aren't a Certificate are ignored. It doesn't specify null behavior either and doesn't say anything that the signers can change at any time.
ClassLoader.setSigners doesn't make a defensive copy of the signers. There is no synchronisation between a class loader that changes signers at around the same time that Class::getSigners is called.
ClassLoader.setSigners spec is missing several points. It doesn't specify that it ignores array classes or class objects for primitives. It doesn't say anything about the elements that aren't a Certificate are ignored. It doesn't specify null behavior either and doesn't say anything that the signers can change at any time.