Fix ConstantPoolGen dedup key collisions for names with delimiters #510

Merged
garydgregory merged 1 commit into apache:master from rootvector2:constantpoolgen-key-collision
Jul 2, 2026

@rootvector2

Contributor

`ConstantPoolGen` dedups field/method/interface-method refs in one `cpTable` (and name-and-type entries in `natTable`) by concatenating the class, member and signature names with single-char delimiters (`:` `#` `&` `%`). Those characters are legal inside JVM names (JVMS 4.2.2 only bans `.` `;` `[` `/` and, for members, `<` `>`), so two distinct refs whose names contain a delimiter hash to the same key. Spotted while auditing the dedup tables: `addMethodref("Foo", "bar:baz", "()V")` and `addMethodref("Foo:bar", "baz", "()V")` both build the key `Foo:bar:baz:()V`, so the second add/lookup returns the first ref's constant pool index, and an instruction emitted against it points at the wrong member when a pool is rebuilt from an untrusted class.

Route every `cpTable`/`natTable` key through a `toKey` helper that length-prefixes each part, so the key stays uniquely decodable whatever the parts contain. Keeping the keying in one private helper means add and lookup can't drift apart, and there is no public API change.

  • Read the contribution guidelines for this project.
  • Read the ASF Generative Tooling Guidance if you use Artificial Intelligence (AI).
  • I used AI to create any part of, or all of, this pull request. Which AI tool was used to create this pull request, and to what extent did it contribute?
  • Run a successful build using the default Maven goal with mvn; that's mvn on the command line by itself.
  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Each commit in the pull request should have a meaningful subject line and body.

Class and member names may legally contain the ':', '#', '&' and '%' characters used to delimit the constant pool dedup-table keys, so two distinct references whose names contain one collapsed to a single constant pool entry. Length-prefix each key part so distinct triples stay distinct.
@garydgregory changed the title from "fix ConstantPoolGen dedup key collisions for names with delimiters" to "Fix ConstantPoolGen dedup key collisions for names with delimiters" on Jul 2, 2026
@garydgregory garydgregory merged commit 604b7bd into apache:master Jul 2, 2026
19 checks passed
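
The collision from the description and the effect of length-prefixing, as an added example that is not code from this pull request or from BCEL. The class name, the helper names and the `<len>:<part>` encoding are assumptions, and the map is a simplified model of a dedup table (real pool indices differ).

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not BCEL source. All names here are hypothetical.
public class DedupKeyDemo {

    // Old scheme as described in the PR: parts joined by a one-char delimiter.
    static String delimitedKey(String... parts) {
        return String.join(":", parts);
    }

    // Length-prefixed scheme (assumed encoding: "<len>:<part>" for each part).
    // The decimal length ends at the first ':', so a decoder always knows
    // where a part stops, whatever characters the part itself contains.
    static String lengthPrefixedKey(String... parts) {
        StringBuilder sb = new StringBuilder();
        for (String p : parts) {
            sb.append(p.length()).append(':').append(p);
        }
        return sb.toString();
    }

    // Minimal add-with-dedup: a key hit returns the existing index.
    static int add(Map<String, Integer> table, String key) {
        Integer idx = table.get(key);
        if (idx == null) {
            idx = table.size() + 1; // simplified: next free slot, starting at 1
            table.put(key, idx);
        }
        return idx;
    }

    public static void main(String[] args) {
        // The two distinct method references from the PR description.
        String[] a = {"Foo", "bar:baz", "()V"};
        String[] b = {"Foo:bar", "baz", "()V"};

        Map<String, Integer> oldTable = new HashMap<>();
        int oldA = add(oldTable, delimitedKey(a));
        int oldB = add(oldTable, delimitedKey(b));
        System.out.println("delimited key collides: " + (oldA == oldB));

        Map<String, Integer> newTable = new HashMap<>();
        int newA = add(newTable, lengthPrefixedKey(a));
        int newB = add(newTable, lengthPrefixedKey(b));
        System.out.println("length-prefixed key collides: " + (newA == newB));
    }
}
```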