[cp-patches] Patch: RFC: copy bytes in defineClass

[Tom Tromey]

It seems to me that defineClass() ought to always copy the data it is
given, to prevent user code from modifying it while it during/after
processing.  And furthermore it seemed slightly better to me to do
this once, in Classpath, instead of letting every VM do it separately.

Any comments on this?  I suppose one argument against would be, "only
trusted code can define a class anyway".  This still seems safest to
me, but if that is the way it goes, I'd like to at least insert a
comment explaining the reasoning.

Tom


Index: ChangeLog
from  Tom Tromey  <address@hidden>

        * java/lang/ClassLoader.java (defineClass): Copy the data first.

Index: java/lang/ClassLoader.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/lang/ClassLoader.java,v
retrieving revision 1.31
diff -u -r1.31 ClassLoader.java
--- java/lang/ClassLoader.java 23 Apr 2004 21:13:20 -0000 1.31
+++ java/lang/ClassLoader.java 11 Aug 2004 19:04:46 -0000
@@ -1,5 +1,5 @@
 /* ClassLoader.java -- responsible for loading classes into the VM
-   Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004 Free Software Foundation, 
Inc.
 
 This file is part of GNU Classpath.
 
@@ -435,8 +435,12 @@
       domain = defaultProtectionDomain;
     if (! initialized)
       throw new SecurityException("attempt to define class from uninitialized 
class loader");
-    Class retval = VMClassLoader.defineClass(this, name, data,
-                                             offset, len, domain);
+
+    byte[] copy = new byte[len];
+    System.arraycopy(data, offset, copy, 0, len);
+
+    Class retval = VMClassLoader.defineClass(this, name, copy,
+                                            0, len, domain);
     loadedClasses.put(retval.getName(), retval);
     return retval;
   }