Hi Mark, On 4/8/07, Mark Wielaard <mark@xxxxxxxxx> wrote:
On Sun, 2007-04-08 at 12:53 +0200, Christian Thalinger wrote: > Grrr, I hate this access checks. I'll try to fix that _again_. This seems to be pretty subtle and we found multiple runtimes (jamvm, cacao, gcj and kaffe at least) that seem to get this wrong.
...
So when Method.invoke() is called on an method member of an object which class type isn't public then it should only be allowed to successfully call the method if the caller is in the same package.
Strangely enough, I _did_ fix this in JamVM 1.4.4, but then removed the checks again in JamVM 1.4.5! http://cvs.berlios.de/cgi-bin/viewcvs.cgi/jamvm/jamvm/src/reflect.c.diff?r1=1.9&r2=1.10 If I remember the reason for removing it again was that it broke some stuff. I had a quick look at cacao and gcj, and found they didn't do the check, and not having the time at that point to look into it properly just backed the change out. I'll see if I can find what broke. Thanks, Rob. P.S. The extra checks also checked class access for reflection access to fields in addition to methods...
Cheers, Mark
