[jboss-jira] [JBoss JIRA] (WFLY-11861) ObjectStreamClass use of bridge.getXXX static fields does not confirm Unsafe API

Mon Mar 18 19:03:00 EDT 2019

     [ https://issues.jboss.org/browse/WFLY-11861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomasz Adamski updated WFLY-11861:
----------------------------------
    Description: 
ObjectStreamClass must use staticFieldBase object instead of class object to get a field value, see for example the code
openjdk-orb-jdk9/src/main/java/com/sun/corba/se/impl/io/ObjectStreamClass.java

{code:java}
 final Field f = cl.getDeclaredField("serialVersionUID"); 
 int mods = f.getModifiers(); 
 // SerialBug 5:  static final SUID should be read 
 if (Modifier.isStatic(mods) && Modifier.isFinal(mods) ) { 
     long offset = bridge.staticFieldOffset(f); 
     suid = bridge.getLong(cl, offset); 
{code}

Here are excerpts from sun.misc.Unsafe doc:

public native Object staticFieldBase(Field f)
Report the location of a given static field, in conjunction with #staticFieldOffset.
...
public int getInt(Object o, int offset) // getLong, etc.
...
The results are undefined unless one of the following cases is true:
...
The offset and object reference o (either null or
non-null) were both obtained via #staticFieldOffset
and #staticFieldBase (respectively) from the
reflective Field representation of some Java field.

With OpenJDK VMs using the class object incidentally works but with other VMs (Azul Zing for example) this fails.

  was:
ObjectStreamClass must use staticFieldBase object instead of class object to get a field value, see for example the code
openjdk-orb-jdk9/src/main/java/com/sun/corba/se/impl/io/ObjectStreamClass.java

{code:java}
 final Field f = cl.getDeclaredField("serialVersionUID"); 
 int mods = f.getModifiers(); 
 // SerialBug 5:  static final SUID should be read 
 if (Modifier.isStatic(mods) && Modifier.isFinal(mods) ) { 
     long offset = bridge.staticFieldOffset(f); 
     suid = bridge.getLong(cl, offset); 
{code:java}

Here are excerpts from sun.misc.Unsafe doc:

public native Object staticFieldBase(Field f)
Report the location of a given static field, in conjunction with #staticFieldOffset.
...
public int getInt(Object o, int offset) // getLong, etc.
...
The results are undefined unless one of the following cases is true:
...
The offset and object reference o (either null or
non-null) were both obtained via #staticFieldOffset
and #staticFieldBase (respectively) from the
reflective Field representation of some Java field.

With OpenJDK VMs using the class object incidentally works but with other VMs (Azul Zing for example) this fails.

> ObjectStreamClass use of bridge.getXXX static fields does not confirm Unsafe API
> --------------------------------------------------------------------------------
>
>                 Key: WFLY-11861
>                 URL: https://issues.jboss.org/browse/WFLY-11861
>             Project: WildFly
>          Issue Type: Bug
>          Components: IIOP
>    Affects Versions: 16.0.0.Final
>            Reporter: Tomasz Adamski
>            Assignee: Tomasz Adamski
>            Priority: Major
>             Fix For: 17.0.0.Beta1
>
>
> ObjectStreamClass must use staticFieldBase object instead of class object to get a field value, see for example the code
> openjdk-orb-jdk9/src/main/java/com/sun/corba/se/impl/io/ObjectStreamClass.java
> {code:java}
>  final Field f = cl.getDeclaredField("serialVersionUID"); 
>  int mods = f.getModifiers(); 
>  // SerialBug 5:  static final SUID should be read 
>  if (Modifier.isStatic(mods) && Modifier.isFinal(mods) ) { 
>      long offset = bridge.staticFieldOffset(f); 
>      suid = bridge.getLong(cl, offset); 
> {code}
> Here are excerpts from sun.misc.Unsafe doc:
> public native Object staticFieldBase(Field f)
> Report the location of a given static field, in conjunction with #staticFieldOffset.
> ...
> public int getInt(Object o, int offset) // getLong, etc.
> ...
> The results are undefined unless one of the following cases is true:
> ...
> The offset and object reference o (either null or
> non-null) were both obtained via #staticFieldOffset
> and #staticFieldBase (respectively) from the
> reflective Field representation of some Java field.
> With OpenJDK VMs using the class object incidentally works but with other VMs (Azul Zing for example) this fails.

--
This message was sent by Atlassian Jira
(v7.12.1#712002)