Restrict direct access to sun.misc.Unsafe
#43479
Comments
laurentgo
added a commit
to laurentgo/arrow
that referenced
this issue
Jul 30, 2024
`MemoryUtil.UNSAFE` field is a public field which provides unrestricted access to `sun.misc.Unsafe` instance which may cause misusage and possibly JVM crashes. Make the field private and only allow indirect use of Unsafe through `MemoryUtil` methods
danepitkin
pushed a commit
that referenced
this issue
Jul 30, 2024
### Rationale for this change `MemoryUtil.UNSAFE` field is a public field which provides unrestricted access to `sun.misc.Unsafe` instance which may cause misusage and possibly JVM crashes. ### What changes are included in this PR? Make the field (and other related fields) private and only allow indirect use of Unsafe through `MemoryUtil` methods ### Are these changes tested? Yes. ### Are there any user-facing changes? No **This PR includes breaking changes to public APIs.** Code using `MemoryUtil.UNSAFE` would break as the visibility of the field was changed to private * GitHub Issue: #43479 Authored-by: Laurent Goujon <[email protected]> Signed-off-by: Dane Pitkin <[email protected]>
|
Issue resolved by pull request 43480 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the enhancement requested
sun.misc.Unsafeis a Java internal class only accessible to classes loaded of the boot classloader, unless one uses reflection to bypass this restriction.org.apache.arrow.memory.util.MemoryUtilmakes it available as a public field to any java classes which is kind of opening a pandora box. As a first step towards switching fromsun.misc.Unsafeto safer memory access methods (which may become a requirement at some point as discussed in JEP 471 ), remove direct access tosun.misc.Unsafeinstance.Component(s)
Java
The text was updated successfully, but these errors were encountered: