diff --git a/.hgtags b/.hgtags
index 20942b24a9ea55a93b673541a7a23eebc22ab8f1..8bcba947fc9551d17a6a6886dcd7e63fd90f0149 100644
--- a/.hgtags
+++ b/.hgtags
@@ -695,3 +695,4 @@ f5d0aadb4d1ca74eda4e98cc0030f1618ef4c870 jdk8u131-b07
c0091a673d766ce2e76a945bab6de325fe78dd88 jdk8u131-b10
3ab471c4760a808e39406303ff33a25a542b9c75 jdk8u131-b11
a160009bbe1417d85f1c0eec890fdb17391b3637 jdk8u141-b00
+e95a13de2d36050302a1af422967f5260fc8eabd jdk8u141-b01
diff --git a/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java b/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
index 882067dfe4d6dde4b7ee2bc888d4698eaaaa2fe6..73f6b3357685556a4eaeb913807fed4abb481146 100644
--- a/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
+++ b/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
@@ -34,6 +34,10 @@
*/
package java.util.concurrent;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.concurrent.locks.AbstractQueuedSynchronizer;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
@@ -569,6 +573,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
private static final RuntimePermission shutdownPerm =
new RuntimePermission("modifyThread");
+ /* The context to be used when executing the finalizer, or null. */
+ private final AccessControlContext acc;
+
/**
* Class Worker mainly maintains interrupt control state for
* threads running tasks, along with other minor bookkeeping.
@@ -1307,6 +1314,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
throw new IllegalArgumentException();
if (workQueue == null || threadFactory == null || handler == null)
throw new NullPointerException();
+ this.acc = System.getSecurityManager() == null ?
+ null :
+ AccessController.getContext();
this.corePoolSize = corePoolSize;
this.maximumPoolSize = maximumPoolSize;
this.workQueue = workQueue;
@@ -1472,9 +1482,18 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
/**
* Invokes {@code shutdown} when this executor is no longer
* referenced and it has no threads.
+ *
+ *
This method is invoked with privileges that are restricted by
+ * the security context of the caller that invokes the constructor.
*/
protected void finalize() {
- shutdown();
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null || acc == null) {
+ shutdown();
+ } else {
+ PrivilegedAction pa = () -> { shutdown(); return null; };
+ AccessController.doPrivileged(pa, acc);
+ }
}
/**
diff --git a/src/share/classes/java/util/jar/JarVerifier.java b/src/share/classes/java/util/jar/JarVerifier.java
index cf255c3337c6038d82ad355622125a709a787615..6e6eec5530688cdf719c3fd28afdda11878f85cd 100644
--- a/src/share/classes/java/util/jar/JarVerifier.java
+++ b/src/share/classes/java/util/jar/JarVerifier.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -180,10 +180,12 @@ class JarVerifier {
// only set the jev object for entries that have a signature
// (either verified or not)
- if (sigFileSigners.get(name) != null ||
- verifiedSigners.get(name) != null) {
- mev.setEntry(name, je);
- return;
+ if (!name.equals(JarFile.MANIFEST_NAME)) {
+ if (sigFileSigners.get(name) != null ||
+ verifiedSigners.get(name) != null) {
+ mev.setEntry(name, je);
+ return;
+ }
}
// don't compute the digest for this entry
diff --git a/src/share/classes/javax/imageio/spi/ServiceRegistry.java b/src/share/classes/javax/imageio/spi/ServiceRegistry.java
index 7a5b727f8889a852b4d365643e7e8ad3936aee5d..981f9d30523f5647508ef83d0f9becb3f9684b37 100644
--- a/src/share/classes/javax/imageio/spi/ServiceRegistry.java
+++ b/src/share/classes/javax/imageio/spi/ServiceRegistry.java
@@ -26,6 +26,9 @@
package javax.imageio.spi;
import java.io.File;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -701,11 +704,12 @@ class SubRegistry {
Class category;
- // Provider Objects organized by partial oridering
- PartiallyOrderedSet poset = new PartiallyOrderedSet();
+ // Provider Objects organized by partial ordering
+ final PartiallyOrderedSet poset = new PartiallyOrderedSet();
// Class -> Provider Object of that class
- Map,Object> map = new HashMap();
+ final Map,Object> map = new HashMap();
+ final Map,AccessControlContext> accMap = new HashMap<>();
public SubRegistry(ServiceRegistry registry, Class category) {
this.registry = registry;
@@ -720,6 +724,7 @@ class SubRegistry {
deregisterServiceProvider(oprovider);
}
map.put(provider.getClass(), provider);
+ accMap.put(provider.getClass(), AccessController.getContext());
poset.add(provider);
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
@@ -739,6 +744,7 @@ class SubRegistry {
if (provider == oprovider) {
map.remove(provider.getClass());
+ accMap.remove(provider.getClass());
poset.remove(provider);
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
@@ -785,10 +791,17 @@ class SubRegistry {
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
- rs.onDeregistration(registry, category);
+ AccessControlContext acc = accMap.get(provider.getClass());
+ if (acc != null || System.getSecurityManager() == null) {
+ AccessController.doPrivileged((PrivilegedAction) () -> {
+ rs.onDeregistration(registry, category);
+ return null;
+ }, acc);
+ }
}
}
poset.clear();
+ accMap.clear();
}
public void finalize() {
diff --git a/src/share/classes/sun/awt/image/ImageWatched.java b/src/share/classes/sun/awt/image/ImageWatched.java
index b740aa1870e7be33b4b572fde686a4f6b3ad3a04..07d964659bd8cce3a05fe85ef7f4a5b0b9e4a39f 100644
--- a/src/share/classes/sun/awt/image/ImageWatched.java
+++ b/src/share/classes/sun/awt/image/ImageWatched.java
@@ -29,6 +29,10 @@ import java.lang.ref.WeakReference;
import java.awt.Image;
import java.awt.image.ImageObserver;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
public abstract class ImageWatched {
public static Link endlink = new Link();
@@ -85,16 +89,26 @@ public abstract class ImageWatched {
}
}
+ static class AccWeakReference extends WeakReference {
+
+ private final AccessControlContext acc;
+
+ AccWeakReference(T ref) {
+ super(ref);
+ acc = AccessController.getContext();
+ }
+ }
+
/*
* Standard Link implementation to manage a Weak Reference
* to an ImageObserver.
*/
public static class WeakLink extends Link {
- private WeakReference myref;
+ private final AccWeakReference myref;
private Link next;
public WeakLink(ImageObserver obs, Link next) {
- myref = new WeakReference(obs);
+ myref = new AccWeakReference(obs);
this.next = next;
}
@@ -120,6 +134,19 @@ public abstract class ImageWatched {
return this;
}
+ private static boolean update(ImageObserver iw, AccessControlContext acc,
+ Image img, int info,
+ int x, int y, int w, int h) {
+
+ if (acc != null || System.getSecurityManager() != null) {
+ return AccessController.doPrivileged(
+ (PrivilegedAction) () -> {
+ return iw.imageUpdate(img, info, x, y, w, h);
+ }, acc);
+ }
+ return false;
+ }
+
public boolean newInfo(Image img, int info,
int x, int y, int w, int h)
{
@@ -129,7 +156,7 @@ public abstract class ImageWatched {
if (myiw == null) {
// My referent is null so we must prune in a second pass.
ret = true;
- } else if (myiw.imageUpdate(img, info, x, y, w, h) == false) {
+ } else if (update(myiw, myref.acc, img, info, x, y, w, h) == false) {
// My referent has lost interest so clear it and ask
// for a pruning pass to remove it later.
myref.clear();
diff --git a/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java b/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
index a584ce9dbf5a143f9703f245060851c5ce404766..9c81dea3dcf7009df81a2ba8402caec96cc047bb 100644
--- a/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
+++ b/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -246,13 +246,16 @@ abstract class AsynchronousChannelGroupImpl
abstract void shutdownHandlerTasks();
private void shutdownExecutors() {
- AccessController.doPrivileged(new PrivilegedAction() {
- public Void run() {
- pool.executor().shutdown();
- timeoutExecutor.shutdown();
- return null;
- }
- });
+ AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Void run() {
+ pool.executor().shutdown();
+ timeoutExecutor.shutdown();
+ return null;
+ }
+ },
+ null,
+ new RuntimePermission("modifyThread"));
}
@Override
diff --git a/src/share/classes/sun/security/util/ManifestEntryVerifier.java b/src/share/classes/sun/security/util/ManifestEntryVerifier.java
index 8e0169eb7542d0a1cc75c63b6f6506d22982fe5f..02dd76558c66410bac9dec3e2e467ecf08f2e8e7 100644
--- a/src/share/classes/sun/security/util/ManifestEntryVerifier.java
+++ b/src/share/classes/sun/security/util/ManifestEntryVerifier.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -107,6 +107,8 @@ public class ManifestEntryVerifier {
/* get the headers from the manifest for this entry */
/* if there aren't any, we can't verify any digests for this entry */
+ skip = false;
+
Attributes attr = man.getAttributes(name);
if (attr == null) {
// ugh. we should be able to remove this at some point.
@@ -141,7 +143,6 @@ public class ManifestEntryVerifier {
}
if (digest != null) {
- skip = false;
digest.reset();
digests.add(digest);
manifestHashes.add(
@@ -197,6 +198,10 @@ public class ManifestEntryVerifier {
return null;
}
+ if (digests.isEmpty()) {
+ throw new SecurityException("digest missing for " + name);
+ }
+
if (signers != null)
return signers;
diff --git a/src/share/native/common/check_code.c b/src/share/native/common/check_code.c
index d01bec4e91f67f10cec7db248c4e3a6ed1cb428d..96091720772994603d313028f37f7ac0755f8bb4 100644
--- a/src/share/native/common/check_code.c
+++ b/src/share/native/common/check_code.c
@@ -457,6 +457,8 @@ static void *CCalloc(context_type *context, int size, jboolean zero);
static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
+static const char* get_result_signature(const char* signature);
+
static char signature_to_fieldtype(context_type *context,
const char **signature_p, fullinfo_type *info);
@@ -2775,7 +2777,7 @@ push_stack(context_type *context, unsigned int inumber, stack_info_type *new_sta
operand);
const char *result_signature;
check_and_push(context, signature, VM_STRING_UTF);
- result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
+ result_signature = get_result_signature(signature);
if (result_signature++ == NULL) {
CCerror(context, "Illegal signature %s", signature);
}
@@ -3698,6 +3700,42 @@ CFerror(context_type *context, char *format, ...)
longjmp(context->jump_buffer, 1);
}
+/*
+ * Need to scan the entire signature to find the result type because
+ * types in the arg list and the result type could contain embedded ')'s.
+ */
+static const char* get_result_signature(const char* signature) {
+ const char *p;
+ for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
+ switch (*p) {
+ case JVM_SIGNATURE_BOOLEAN:
+ case JVM_SIGNATURE_BYTE:
+ case JVM_SIGNATURE_CHAR:
+ case JVM_SIGNATURE_SHORT:
+ case JVM_SIGNATURE_INT:
+ case JVM_SIGNATURE_FLOAT:
+ case JVM_SIGNATURE_DOUBLE:
+ case JVM_SIGNATURE_LONG:
+ case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
+ break;
+ case JVM_SIGNATURE_CLASS:
+ while (*p != JVM_SIGNATURE_ENDCLASS) p++;
+ break;
+ case JVM_SIGNATURE_ARRAY:
+ while (*p == JVM_SIGNATURE_ARRAY) p++;
+ /* If an array of classes, skip over class name, too. */
+ if (*p == JVM_SIGNATURE_CLASS) {
+ while (*p != JVM_SIGNATURE_ENDCLASS) p++;
+ }
+ break;
+ default:
+ /* Indicate an error. */
+ return NULL;
+ }
+ }
+ return p++; /* skip over ')'. */
+}
+
static char
signature_to_fieldtype(context_type *context,
const char **signature_p, fullinfo_type *full_info_p)