diff options
| author | Omair Majid <[email protected]> | 2012-10-05 23:02:53 -0400 |
|---|---|---|
| committer | Omair Majid <[email protected]> | 2012-10-05 23:02:53 -0400 |
| commit | ab6aca7146d2f436672f7766fc3d50a228aad5f5 (patch) | |
| tree | fd675df6bf3f3fb46522e9fc121d50cc9ba2ab46 /NEWS | |
| parent | ee45e9d0d23bcecbc08f44b838999201cebce2ad (diff) | |
PR1145: IcedTea-Web can cause ClassCircularityError
It is possible for the ClassLoader to encounter a ClassCircularityError.
This can happen when the ClassLoader detects that checking if a class
'A' has been loaded triggers another check of whether 'A' has been
loaded before the first check has completed. This can happen easily when
trying to load Policy or Permission classes, which lie in our code path
that checks whether a class has been loaded.
One possible fix is to ensure these classes are not in the path of code
that gets executed when we are trying to check for a class. This can be
done by removing the call to getAccessControlContextForClassLoading. The
javadocs for ClassLoader.findLoadedClass do not mention any
permissions required to call the method nor do they mention that the
method can throw a SecurityException. The native code that implements
findLoadedClass does not have any security checks either. The
doProvileged block is probably not needed here and removing it breaks
the circularity.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -17,6 +17,7 @@ New in release 1.4 (2012-XX-XX): * Common - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered - PR955: regression: SweetHome3D fails to run + - PR1145: IcedTea-Web can cause ClassCircularityError - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 New in release 1.3 (2012-XX-XX): |