alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Java example source code file (bug_21227.java)

This example Java source code file (bug_21227.java) is included in the alvinalexander.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Learn more about this Java project at its project page.

Java - Java tags/keywords

class, classloader, classnotfoundexception, iface, illegalaccessexception, instantiationexception, loader2, object, reflection, security, string, you_have_been_p0wned

The bug_21227.java Java example source code


import java.lang.reflect.*;
import java.security.*;

abstract public class bug_21227 {

  // Jam anything you want in here, it will be cast to a You_Have_Been_P0wned
  public static Object _p0wnee;

  public static void main(String argv[]) throws ClassNotFoundException, InstantiationException, IllegalAccessException {
    System.out.println("Warmup");

    // Make a Class 'many_loader' under the default loader
    bug_21227 bug = new many_loader();

    // Some classes under a new Loader, LOADER2, including another version of 'many_loader'
    ClassLoader LOADER2 = new Loader2();
    Class clazz2 = LOADER2.loadClass("from_loader2");
    IFace iface = (IFace)clazz2.newInstance();

    // Set the victim, a String of length 6
    String s = "victim";
    _p0wnee = s;

    // Go cast '_p0wnee' to type You_Have_Been_P0wned
    many_loader[] x2 = bug.make(iface);

    many_loader b = x2[0];

    // Make it clear that the runtime type many_loader (what we get from the
    // array X2) varies from the static type of many_loader.
    Class cl1 = b.getClass();
    ClassLoader ld1 = cl1.getClassLoader();
    Class cl2 = many_loader.class;
    ClassLoader ld2 = cl2.getClassLoader();
    System.out.println("bug.make()  "+ld1+":"+cl1);
    System.out.println("many_loader "+ld2+":"+cl2);

    // Read the victims guts out
    You_Have_Been_P0wned q = b._p0wnee;
    System.out.println("q._a = 0x"+Integer.toHexString(q._a));
    System.out.println("q._b = 0x"+Integer.toHexString(q._b));
    System.out.println("q._c = 0x"+Integer.toHexString(q._c));
    System.out.println("q._d = 0x"+Integer.toHexString(q._d));

    System.out.println("I will now crash the VM:");
    // On 32-bit HotSpot Java6 this sets the victim String length shorter, then crashes the VM
    //q._c = 3;
    q._a = -1;

    System.out.println(s);

  }

  // I need to compile (hence call in a loop) a function which returns a value
  // loaded from classloader other than the system one.  The point of this
  // call is to give me an abstract 'hook' into a function loaded with a
  // foreign loader.
  public abstract many_loader[] make( IFace iface ); // abstract factory
}

Other Java examples (source code examples)

Here is a short list of links related to this Java bug_21227.java source code file:
... this post is sponsored by my books ...

#1 New Release!
FP Best Seller

 

new blog posts

 

Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.