Uploaded image for project: 'Clojure'
  1. CLJ-2454

IllegalAccessException possible invoking matching reflective call

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Completed
    • Affects versions: Release 1.10
    • Fix versions: Release 1.10
    • Labels:
    • Approval:
      Ok
    • Patch:
      Code

      Description

      This is similar to the problems in CLJ-2066 Closed , but through a different code path. Basically, the reflector can find a method instance that is available via reflection, but not module-accessible and invoking that can produce an IllegalAccessException.

      To reproduce:

      clj -J--illegal-access=deny -Sdeps '{:deps {org.clojure/clojure {:mvn/version "1.10.0-RC4"}}}}'
      

      Then:

      (def el
        (.getElementsByTagName
          (.parse
            (.newDocumentBuilder
              (javax.xml.parsers.DocumentBuilderFactory/newDefaultInstance))
            (java.io.StringBufferInputStream. "<a><b>1</b><b>2</b></a>"))
          "b"))
      
      (.getLength el)  ;; expect: 2
      
      ;; Execution error (IllegalAccessException) at jdk.internal.reflect.Reflection/newIllegalAccessException (Reflection.java:361).
      ;; class clojure.lang.Reflector cannot access class com.sun.org.apache.xerces.internal.dom.DeepNodeListImpl (in module java.xml) because module java.xml does not export com.sun.org.apache.xerces.internal.dom to unnamed module @3af356f
      

      In this case, the reflector is finding the method DeepNodeListImpl.getLength(), which is not module accessible, rather than the public interface method NodeList.getLength().

      Proposed: The reflector already does one check for whether the method is publicly invokable and knows how to find an invokable super-class method instead. Here we need to add an additional check on Method#canAccess() (new as of Java 9).

      Patch: clj-2454-2.patch - checks canAccess() when deciding whether matched method is invokable. Also, added new methods getAsMethodOfAccessibleBase and isAccessibleMatch that are copies of the (now unused) getAsMethodOfPublicBase and isMatch methods that check accessibility before selecting a super method. Old ones left in case anyone was invoking them directly (no callers in Clojure itself).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              alexmiller Alex Miller
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: