classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: url class loader bug?

From: Mark Wielaard
Subject: Re: url class loader bug?
Date: 10 Sep 2002 22:43:18 +0200 
Hi,

On Thu, 2002-09-05 at 17:09, Jeroen Frijters wrote:
> I'm starting to support class loaders and I've run into a
> NullPointerException. URLClassLoader.findClass() has the following
> fragment:
> 
>             // Now construct the CodeSource (if loaded from a jar file)
> [...]
> Notice how it only constructs a CodeSource when the url is a jar,
>
> now in
> SecureClassLoader.defineClass(), we find the follow code:
> 
>     ProtectionDomain protectionDomain =
>       new ProtectionDomain(cs, getPermissions(cs));
> 
> And URLClassLoader.getPermissions() does:
> 
>     URL url = source.getLocation();
> 
> And this lines throws a NullPointerException, because source is null
> (when the class isn't being loaded from a jar).

The following change to this method was committed recently to CVS:

2002-08-13  Philip Fong <address@hidden>

    * java/security/SecureClassLoader.java (SecureClassLoader): Only
    create ProtectionDomain when CodeSource is not null. Don't catch and
    ignore ClassFormatError.

> I think the fix would be to change URLClassLoader.findClass() to always
> construct a CodeSource even when the class isn't loaded from a jar.

I have imported the code from libgcj that also constructs a CodeSource
if the protocol is "file". This still does not guarantee that a
CodeSource is always created. But with the above change to
SecureClassLoader we are "safe" for the moment.

(If someone want to do some merging of Classpath and libgcj. Please look
at URLClassLoader to see what else we can use.)

Cheers,

Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]