6736293: OpenType checks can be bypassed through finalizer resurrection

Reviewed-by: hawtin

6736293: OpenType checks can be bypassed through finalizer resurrection
Reviewed-by: hawtin
908a2038 · emcmanus · 8b4c742c · 908a2038 · 908a2038 · 908a2038
3 changed file
--- a/src/share/classes/java/awt/Window.java
+++ b/src/share/classes/java/awt/Window.java
@@ -3629,6 +3629,8 @@ public class Window extends Container implements Accessible {
                y + h + 2);

        // Now make sure the warning window is visible on the screen
+        GraphicsConfiguration graphicsConfig =
+            getGraphicsConfiguration_NoClientCode();
        Rectangle screenBounds = graphicsConfig.getBounds();
        Insets screenInsets =
            Toolkit.getDefaultToolkit().getScreenInsets(graphicsConfig);

--- a/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
+++ b/src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java
@@ -690,7 +690,7 @@ public class OpenMBeanAttributeInfoSupport
    private static <T> T convertFromString(String s, OpenType<T> openType) {
        Class<T> c;
        try {
-            c = cast(Class.forName(openType.getClassName()));
+            c = cast(Class.forName(openType.safeGetClassName()));
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.toString());  // can't happen
        }
@@ -711,7 +711,7 @@ public class OpenMBeanAttributeInfoSupport
            } catch (Exception e) {
                final String msg =
                    "Could not convert \"" + s + "\" using method: " + valueOf;
-                throw new IllegalArgumentException(msg);
+                throw new IllegalArgumentException(msg, e);
            }
        }

@@ -728,7 +728,7 @@ public class OpenMBeanAttributeInfoSupport
            } catch (Exception e) {
                final String msg =
                    "Could not convert \"" + s + "\" using constructor: " + con;
-                throw new IllegalArgumentException(msg);
+                throw new IllegalArgumentException(msg, e);
            }
        }

@@ -757,7 +757,7 @@ public class OpenMBeanAttributeInfoSupport
            stringArrayClass =
                Class.forName(squareBrackets + "Ljava.lang.String;");
            targetArrayClass =
-                Class.forName(squareBrackets + "L" + baseType.getClassName() +
+                Class.forName(squareBrackets + "L" + baseType.safeGetClassName() +
                              ";");
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.toString());  // can't happen

--- a/src/share/classes/javax/management/openmbean/OpenType.java
+++ b/src/share/classes/javax/management/openmbean/OpenType.java
@@ -304,7 +304,12 @@ public abstract class OpenType<T> implements Serializable {
     * @return the class name.
     */
    public String getClassName() {
+        return className;
+    }

+    // A version of getClassName() that can only be called from within this
+    // package and that cannot be overridden.
+    String safeGetClassName() {
        return className;
    }