--- old/src/share/classes/java/lang/reflect/Executable.java 2013-09-12 15:56:55.101359533 -0400 +++ new/src/share/classes/java/lang/reflect/Executable.java 2013-09-12 15:56:54.669354314 -0400 @@ -316,6 +316,28 @@ return out; } + private void verifyParameters(final Parameter[] parameters) { + final int mask = Modifier.parameterModifiers(); + + if (getParameterTypes().length != parameters.length) + throw new MalformedParametersException("Wrong number of parameters in MethodParameters attribute"); + + for (Parameter parameter : parameters) { + final String name = parameter.getName(); + final int mods = parameter.getModifiers(); + + if (!name.isEmpty() || name.indexOf('.') != -1 || + name.indexOf(';') != -1 && name.indexOf('[') != -1 || + name.indexOf('/') != -1) { + throw new MalformedParametersException("Invalid parameter name"); + } + + if (mods != (mods & mask)) { + throw new MalformedParametersException("Invalid parameter modifiers"); + } + } + } + private Parameter[] privateGetParameters() { // Use tmp to avoid multiple writes to a volatile. Parameter[] tmp = parameters; @@ -323,7 +345,12 @@ if (tmp == null) { // Otherwise, go to the JVM to get them - tmp = getParameters0(); + try { + tmp = getParameters0(); + } catch(IllegalArgumentException e) { + // Rethrow ClassFormatErrors + throw new MalformedParametersException("Invalid constant pool index"); + } // If we get back nothing, then synthesize parameters if (tmp == null) { @@ -331,6 +358,7 @@ tmp = synthesizeAllParams(); } else { hasRealParameterData = true; + verifyParameters(tmp); } parameters = tmp; --- old/src/share/classes/java/lang/reflect/Modifier.java 2013-09-12 15:56:56.406375318 -0400 +++ new/src/share/classes/java/lang/reflect/Modifier.java 2013-09-12 15:56:56.004370454 -0400 @@ -408,7 +408,7 @@ * @jls 8.4.1 Formal Parameters */ private static final int PARAMETER_MODIFIERS = - Modifier.FINAL; + Modifier.FINAL | Modifier.SYNTHETIC | Modifier.MANDATED; /** * --- old/src/share/classes/java/lang/reflect/Parameter.java 2013-09-12 15:56:57.691390864 -0400 +++ new/src/share/classes/java/lang/reflect/Parameter.java 2013-09-12 15:56:57.292386038 -0400 @@ -104,7 +104,7 @@ * to the class file. */ public boolean isNamePresent() { - return executable.hasRealParameterData(); + return executable.hasRealParameterData() && name != null; } /** --- /dev/null 2013-09-09 19:52:40.435176968 -0400 +++ new/src/share/classes/java/lang/reflect/MalformedParametersException.java 2013-09-12 15:56:58.551401270 -0400 @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package java.lang.reflect; + +/** + * Thrown when {@link java.lang.reflect.Executable#getParameters the + * java.lang.reflect package} attempts to read method parameters from + * a class file and determines that one or more parameters are + * malformed. + */ +public class MalformedParametersException extends RuntimeException { + public MalformedParametersException() {} + public MalformedParametersException(String reason) { + super(reason); + } +} --- /dev/null 2013-09-09 19:52:40.435176968 -0400 +++ new/test/java/lang/reflect/Parameter/BadClassFiles.java 2013-09-12 15:56:59.708415268 -0400 @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @run main BadClassFiles + * @summary The reflection API should throw the correct exceptions. + */ +import java.lang.Class; +import java.lang.reflect.Method; +import java.lang.reflect.Parameter; +import java.lang.reflect.MalformedParametersException; + +public class BadClassFiles { + private int errors = 0; + + private final Class[] classes = { + EmptyName.class, + BadModifiers.class, + BadNameIndex.class, + NameIndexOutOfBounds.class, + // Name with . + BadName1.class, + // Name with [ + BadName2.class, + // Name with ; + BadName3.class, + // Name with / + BadName4.class, + // Name with single unicode backspace + BadName5.class, + // Name with a backspace that becomes empty because of it. + BadName6.class + }; + + public static void main(String... args) throws NoSuchMethodException { + new BadClassFiles().run(); + } + + public void assertBadParameters(Class cls) throws NoSuchMethodException { + try { + System.err.println("Trying " + cls); + final Method method = cls.getMethod("m", int.class, int.class); + final Parameter[] params = method.getParameters(); + System.err.println("Name " + params[0].getName()); + System.err.println("Did not see expected exception"); + errors++; + } catch(MalformedParametersException e) { + System.err.println("Expected exception seen"); + } + } + + public void run() throws NoSuchMethodException { + for (Class cls : classes) + assertBadParameters(cls); + + if (errors != 0) + throw new RuntimeException(errors + " errors in test"); + } +} Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadModifiers.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName1.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName2.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName3.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName4.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName5.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadName6.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/BadNameIndex.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/EmptyName.class differ Binary files /dev/null and new/test/java/lang/reflect/Parameter/NameIndexOutOfBounds.class differ