From: Erik Groeneveld
To: Bryce McKinlay
Cc: Andrew Haley, java
Date: Wed, 23 Dec 2009 16:39:00 -0000
Subject: Re: problem with class accessiblity check in invoke (natMethod.cc)

(Sorry for the HTML post)

On 23 dec 2009, at 16:09, Bryce McKinlay wrote:

> On Wed, Dec 23, 2009 at 1:34 PM, Erik Groeneveld wrote:
>
>> The following code demonstrates the problem.
>>
>> #include <stdio.h>
>> #include <gcj/cni.h>
>> #include <java/lang/reflect/Method.h>
>> #include <java/util/ArrayList.h>
>> #include <java/util/Iterator.h>
>>
>> int main(int argc, char* argv[]) {
>>     JvCreateJavaVM(NULL);
>>     JvAttachCurrentThread(NULL, NULL);
>>     java::util::ArrayList* l = new java::util::ArrayList();
>>     java::util::Iterator* i = l->iterator();
>>     java::lang::reflect::Method* m = i->getClass()->getDeclaredMethod(
>>         JvNewStringUTF("hasNext"), NULL);
>>     printf("calling invoke, it'll dump core in natMethod.cc line 194\n");
>>     m->invoke(i, NULL);
>>     return 0;
>> }
>>
>> $gcc problem.cpp -lgcj
>> $./a.out
>> calling invoke
>> Aborted (core dumped)
>>
>> $gdb -core core a.out
>> (gdb) where
>> #0 0x00002adf9252bed5 in raise () from /lib/libc.so.6
>> #1 0x00002adf9252d3f3 in abort () from /lib/libc.so.6
>> #2 0x00002adf90bdeed8 in _Jv_Throw (value=0x2adf932cd370) at
>> ../../../src/libjava/exception.cc:128
>> #3 0x00002adf90bd2a2a in _Jv_catch_segv (_p=) at
>> ../../../src/libjava/prims.cc:184
>> #4
>> #5 0x00002adf90c217d3 in java::lang::reflect::Method::invoke
>> (this=0x2adf932d1c80, obj=0x2adf93ba6e40,
>> args=0x0) at ../../../src/libjava/java/lang/reflect/natMethod.cc:194
>> #6 0x0000000000400a5c in main ()
>>
>> The top of the stack is from the NULL-pointer catching signal handler
>> we believe, so #5 and #6 are the relevant ones.
>>
>> The point is that we believe that the scenario in the C++ code is
>> valid, both from Java and from C++, and we do not see the reasons for
>> the additional check that has been added to the invoke() method.
>
> Method.invoke() is required to check accessibility according to the
> Java Language Specification, so this check is required.

You refer to this I assume:
http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.6

"A member (class, interface, field, or method) of a reference (class,
interface, or array) type or a constructor of a class type is
accessible only if the type is accessible and the member or
constructor is declared to permit access:

* If the member or constructor is declared public, then access is
  permitted. All members of interfaces are implicitly public.
* Otherwise, if the member or constructor is declared protected, then
  access is permitted only when one of the following is true:
  + Access to the member or constructor occurs from within the
    package containing the class in which the protected member or
    constructor is declared.
  + Access is correct as described in §6.6.2.
* Otherwise, if the member or constructor is declared private, then
  access is permitted if and only if it occurs within the body of the
  top level class (§7.6) that encloses the declaration of the member
  or constructor.
* Otherwise, we say there is default access, which is permitted only
  when the access occurs from within the package in which the type is
  declared."

It seems that the type is accessible (Iterator) and the method is
declared public. Then it is accessible without further conditions.
The patch in invoke falls back to the scenario under the last bullet,
which is not correct I believe.

> The only thing libgcj is doing wrong is failing to check for null
> "caller" (which can't happen in Java code). It should probably do this
> check and throw an IllegalAccessException, or maybe just permit the
> access.

Yes, it should check for NULL and grant access, otherwise it would be
too restrictive.

> A workaround is to just add a Method.setAccessible() call to your code
> to bypass access checks.

Thanks, I'll remember that from my delegation in Java project and I'll
give it a try.

Erik

>
> Bryce
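
Added example, not part of the original message and not libgcj code: the reflective lookup from the quoted C++ program, written for a standard JDK instead of gcj/CNI, next to a lookup through the public Iterator interface and the setAccessible() workaround mentioned in the thread. The class name InvokeAccessDemo and the helper tryInvoke are made up for this illustration.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Iterator;

// Added illustration; InvokeAccessDemo and tryInvoke are hypothetical names.
public class InvokeAccessDemo {

    // Invoke m on target and report the outcome instead of propagating it.
    static String tryInvoke(Method m, Object target) {
        try {
            return "returned " + m.invoke(target);
        } catch (IllegalAccessException e) {
            return "IllegalAccessException";
        } catch (ReflectiveOperationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        Iterator<Object> it = new ArrayList<Object>().iterator();

        // 1. Same lookup as the C++ program: through the object's runtime class.
        //    The Method is declared by the list's iterator implementation class,
        //    not by java.util.Iterator.
        Method viaImpl = it.getClass().getDeclaredMethod("hasNext");
        Class<?> decl = viaImpl.getDeclaringClass();
        System.out.println("declaring class: " + decl.getName()
                + ", public class: " + Modifier.isPublic(decl.getModifiers())
                + ", public method: " + Modifier.isPublic(viaImpl.getModifiers()));
        System.out.println("via runtime class: " + tryInvoke(viaImpl, it));

        // 2. Lookup through the public interface: declaring type and method
        //    are both public, so the access check in invoke() has nothing to refuse.
        Method viaIface = Iterator.class.getMethod("hasNext");
        System.out.println("via Iterator:      " + tryInvoke(viaIface, it));

        // 3. The workaround from the thread: suppress the access check.
        //    On JDK 16 and later this is refused for java.util internals unless
        //    the JVM is started with --add-opens java.base/java.util=ALL-UNNAMED.
        try {
            viaImpl.setAccessible(true);
            System.out.println("setAccessible:     " + tryInvoke(viaImpl, it));
        } catch (RuntimeException e) {
            System.out.println("setAccessible refused: " + e.getClass().getSimpleName());
        }
    }
}
```

On OpenJDK the first call is refused with IllegalAccessException because the declaring class of that Method object is a non-public class in java.util, even though hasNext itself is public; the lookup through Iterator succeeds.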