This is the mail archive of the
java-patches@gcc.gnu.org
mailing list for the Java project.
Permissions not checked in BC-ABI code
- From: Andrew Haley <aph at redhat dot com>
- To: java-patches at gcc dot gnu dot org
- Date: Tue, 16 May 2006 15:39:14 +0100
- Subject: Permissions not checked in BC-ABI code
We're not checking permissions correctly when linking BC-ABI method
calls. This allows access to private methods, etc.
AFAICS the cause of this is that we're simply calling the wrong method
to do the lookup.
This is going to require some fairly extended testing to make sure it
doesn't break anything, which I'll do before I check it in.
It seems that this same loop up the sueprclass chain calling
search_method_in_class() is used several times in _Jv_Linker, so I
might factor that out and give it a name, but that would obfuscate
this patch.
Andrew.
2006-05-16 Andrew Haley <aph@redhat.com>
* link.cc (link_symbol_table): Call search_method_in_class, not
_Jv_LookupDeclaredMethod.
Index: link.cc
===================================================================
--- link.cc (revision 113722)
+++ link.cc (working copy)
@@ -1101,8 +1101,14 @@
// it out now.
wait_for_state(target_class, JV_STATE_PREPARED);
- meth = _Jv_LookupDeclaredMethod(target_class, sym.name,
- sym.signature);
+ for (jclass cls = target_class; cls; cls = cls->getSuperclass ())
+ {
+ meth = search_method_in_class (target_class, klass,
+ sym.name,
+ sym.signature);
+ if (meth != NULL)
+ break;
+ }
// Every class has a throwNoSuchMethodErrorIndex method that
// it inherits from java.lang.Object. Find its vtable
@@ -1219,8 +1225,14 @@
throw new VerifyError(sb->toString());
}
- meth = _Jv_LookupDeclaredMethod(target_class, sym.name,
- sym.signature);
+ for (jclass cls = target_class; cls; cls = cls->getSuperclass ())
+ {
+ meth = search_method_in_class (target_class, klass,
+ sym.name,
+ sym.signature);
+ if (meth != NULL)
+ break;
+ }
if (meth != NULL)
{