Merge

fbacd3c5 · asaha · fc9353fb · cff5f878 · fbacd3c5 · fbacd3c5
8 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -695,3 +695,4 @@ f5d0aadb4d1ca74eda4e98cc0030f1618ef4c870 jdk8u131-b07
 c0091a673d766ce2e76a945bab6de325fe78dd88 jdk8u131-b10
 3ab471c4760a808e39406303ff33a25a542b9c75 jdk8u131-b11
 a160009bbe1417d85f1c0eec890fdb17391b3637 jdk8u141-b00
+e95a13de2d36050302a1af422967f5260fc8eabd jdk8u141-b01
--- a/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
+++ b/src/share/classes/java/util/concurrent/ThreadPoolExecutor.java
@@ -34,6 +34,10 @@
 */
 package java.util.concurrent;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.concurrent.locks.AbstractQueuedSynchronizer;
 import java.util.concurrent.locks.Condition;
 import java.util.concurrent.locks.ReentrantLock;
@@ -569,6 +573,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
    private static final RuntimePermission shutdownPerm =
        new RuntimePermission("modifyThread");
+    /* The context to be used when executing the finalizer, or null. */
+    private final AccessControlContext acc;
    /**
     * Class Worker mainly maintains interrupt control state for
     * threads running tasks, along with other minor bookkeeping.
@@ -1307,6 +1314,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
            throw new IllegalArgumentException();
        if (workQueue == null || threadFactory == null || handler == null)
            throw new NullPointerException();
+        this.acc = System.getSecurityManager() == null ?
+                null :
+                AccessController.getContext();
        this.corePoolSize = corePoolSize;
        this.maximumPoolSize = maximumPoolSize;
        this.workQueue = workQueue;
@@ -1472,9 +1482,18 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
    /**
     * Invokes {@code shutdown} when this executor is no longer
     * referenced and it has no threads.
+     *
+     * <p>This method is invoked with privileges that are restricted by
+     * the security context of the caller that invokes the constructor.
     */
    protected void finalize() {
-        shutdown();
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null || acc == null) {
+            shutdown();
+        } else {
+            PrivilegedAction<Void> pa = () -> { shutdown(); return null; };
+            AccessController.doPrivileged(pa, acc);
+        }
    }
    /**

--- a/src/share/classes/java/util/jar/JarVerifier.java
+++ b/src/share/classes/java/util/jar/JarVerifier.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -180,10 +180,12 @@ class JarVerifier {
        // only set the jev object for entries that have a signature
        // (either verified or not)
-        if (sigFileSigners.get(name) != null ||
+        if (!name.equals(JarFile.MANIFEST_NAME)) {
-                verifiedSigners.get(name) != null) {
+            if (sigFileSigners.get(name) != null ||
-            mev.setEntry(name, je);
+                    verifiedSigners.get(name) != null) {
-            return;
+                mev.setEntry(name, je);
+                return;
+            }
        }
        // don't compute the digest for this entry

--- a/src/share/classes/javax/imageio/spi/ServiceRegistry.java
+++ b/src/share/classes/javax/imageio/spi/ServiceRegistry.java
@@ -26,6 +26,9 @@
 package javax.imageio.spi;
 import java.io.File;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -701,11 +704,12 @@ class SubRegistry {
    Class category;
-    // Provider Objects organized by partial oridering
+    // Provider Objects organized by partial ordering
-    PartiallyOrderedSet poset = new PartiallyOrderedSet();
+    final PartiallyOrderedSet poset = new PartiallyOrderedSet();
    // Class -> Provider Object of that class
-    Map<Class<?>,Object> map = new HashMap();
+    final Map<Class<?>,Object> map = new HashMap();
+    final Map<Class<?>,AccessControlContext> accMap = new HashMap<>();
    public SubRegistry(ServiceRegistry registry, Class category) {
        this.registry = registry;
@@ -720,6 +724,7 @@ class SubRegistry {
            deregisterServiceProvider(oprovider);
        }
        map.put(provider.getClass(), provider);
+        accMap.put(provider.getClass(), AccessController.getContext());
        poset.add(provider);
        if (provider instanceof RegisterableService) {
            RegisterableService rs = (RegisterableService)provider;
@@ -739,6 +744,7 @@ class SubRegistry {
        if (provider == oprovider) {
            map.remove(provider.getClass());
+            accMap.remove(provider.getClass());
            poset.remove(provider);
            if (provider instanceof RegisterableService) {
                RegisterableService rs = (RegisterableService)provider;
@@ -785,10 +791,17 @@ class SubRegistry {
            if (provider instanceof RegisterableService) {
                RegisterableService rs = (RegisterableService)provider;
-                rs.onDeregistration(registry, category);
+                AccessControlContext acc = accMap.get(provider.getClass());
+                if (acc != null || System.getSecurityManager() == null) {
+                    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+                    rs.onDeregistration(registry, category);
+                        return null;
+                    }, acc);
+                }
            }
        }
        poset.clear();
+        accMap.clear();
    }
    public void finalize() {

--- a/src/share/classes/sun/awt/image/ImageWatched.java
+++ b/src/share/classes/sun/awt/image/ImageWatched.java
@@ -29,6 +29,10 @@ import java.lang.ref.WeakReference;
 import java.awt.Image;
 import java.awt.image.ImageObserver;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 public abstract class ImageWatched {
    public static Link endlink = new Link();
@@ -85,16 +89,26 @@ public abstract class ImageWatched {
        }
    }
+    static class AccWeakReference<T> extends WeakReference<T> {
+         private final AccessControlContext acc;
+         AccWeakReference(T ref) {
+             super(ref);
+             acc = AccessController.getContext();
+         }
+    }
    /*
     * Standard Link implementation to manage a Weak Reference
     * to an ImageObserver.
     */
    public static class WeakLink extends Link {
-        private WeakReference<ImageObserver> myref;
+        private final AccWeakReference<ImageObserver> myref;
        private Link next;
        public WeakLink(ImageObserver obs, Link next) {
-            myref = new WeakReference<ImageObserver>(obs);
+            myref = new AccWeakReference<ImageObserver>(obs);
            this.next = next;
        }
@@ -120,6 +134,19 @@ public abstract class ImageWatched {
            return this;
        }
+        private static boolean update(ImageObserver iw, AccessControlContext acc,
+                                      Image img, int info,
+                                      int x, int y, int w, int h) {
+            if (acc != null || System.getSecurityManager() != null) {
+                return AccessController.doPrivileged(
+                       (PrivilegedAction<Boolean>) () -> {
+                            return iw.imageUpdate(img, info, x, y, w, h);
+                      }, acc);
+            }
+            return false;
+        }
        public boolean newInfo(Image img, int info,
                               int x, int y, int w, int h)
        {
@@ -129,7 +156,7 @@ public abstract class ImageWatched {
            if (myiw == null) {
                // My referent is null so we must prune in a second pass.
                ret = true;
-            } else if (myiw.imageUpdate(img, info, x, y, w, h) == false) {
+            } else if (update(myiw, myref.acc, img, info, x, y, w, h) == false) {
                // My referent has lost interest so clear it and ask
                // for a pruning pass to remove it later.
                myref.clear();

--- a/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
+++ b/src/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
 /*
- * Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -246,13 +246,16 @@ abstract class AsynchronousChannelGroupImpl
    abstract void shutdownHandlerTasks();
    private void shutdownExecutors() {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(
-            public Void run() {
+            new PrivilegedAction<Void>() {
-                pool.executor().shutdown();
+                public Void run() {
-                timeoutExecutor.shutdown();
+                    pool.executor().shutdown();
-                return null;
+                    timeoutExecutor.shutdown();
-            }
+                    return null;
-        });
+                }
+            },
+            null,
+            new RuntimePermission("modifyThread"));
    }
    @Override

--- a/src/share/classes/sun/security/util/ManifestEntryVerifier.java
+++ b/src/share/classes/sun/security/util/ManifestEntryVerifier.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -107,6 +107,8 @@ public class ManifestEntryVerifier {
        /* get the headers from the manifest for this entry */
        /* if there aren't any, we can't verify any digests for this entry */
+        skip = false;
        Attributes attr = man.getAttributes(name);
        if (attr == null) {
            // ugh. we should be able to remove this at some point.
@@ -141,7 +143,6 @@ public class ManifestEntryVerifier {
                }
                if (digest != null) {
-                    skip = false;
                    digest.reset();
                    digests.add(digest);
                    manifestHashes.add(
@@ -197,6 +198,10 @@ public class ManifestEntryVerifier {
            return null;
        }
+        if (digests.isEmpty()) {
+            throw new SecurityException("digest missing for " + name);
+        }
        if (signers != null)
            return signers;

--- a/src/share/native/common/check_code.c
+++ b/src/share/native/common/check_code.c
@@ -457,6 +457,8 @@ static void *CCalloc(context_type *context, int size, jboolean zero);
 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
+static const char* get_result_signature(const char* signature);
 static char signature_to_fieldtype(context_type *context,
                                   const char **signature_p, fullinfo_type *info);
@@ -2775,7 +2777,7 @@ push_stack(context_type *context, unsigned int inumber, stack_info_type *new_sta
                                                                operand);
            const char *result_signature;
            check_and_push(context, signature, VM_STRING_UTF);
-            result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
+            result_signature = get_result_signature(signature);
            if (result_signature++ == NULL) {
                CCerror(context, "Illegal signature %s", signature);
            }
@@ -3698,6 +3700,42 @@ CFerror(context_type *context, char *format, ...)
    longjmp(context->jump_buffer, 1);
 }
+/*
+ * Need to scan the entire signature to find the result type because
+ * types in the arg list and the result type could contain embedded ')'s.
+ */
+static const char* get_result_signature(const char* signature) {
+    const char *p;
+    for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
+        switch (*p) {
+          case JVM_SIGNATURE_BOOLEAN:
+          case JVM_SIGNATURE_BYTE:
+          case JVM_SIGNATURE_CHAR:
+          case JVM_SIGNATURE_SHORT:
+          case JVM_SIGNATURE_INT:
+          case JVM_SIGNATURE_FLOAT:
+          case JVM_SIGNATURE_DOUBLE:
+          case JVM_SIGNATURE_LONG:
+          case JVM_SIGNATURE_FUNC:  /* ignore initial (, if given */
+            break;
+          case JVM_SIGNATURE_CLASS:
+            while (*p != JVM_SIGNATURE_ENDCLASS) p++;
+            break;
+          case JVM_SIGNATURE_ARRAY:
+            while (*p == JVM_SIGNATURE_ARRAY) p++;
+            /* If an array of classes, skip over class name, too. */
+            if (*p == JVM_SIGNATURE_CLASS) {
+                while (*p != JVM_SIGNATURE_ENDCLASS) p++;
+            }
+            break;
+          default:
+            /* Indicate an error. */
+            return NULL;
+        }
+    }
+    return p++; /* skip over ')'. */
+}
 static char
 signature_to_fieldtype(context_type *context,
                       const char **signature_p, fullinfo_type *full_info_p)