The caller class is used in the warning message, but it may throw an NPE when it accesses the caller's code source and name, if it is invoked via JNI code with no caller frame and -Djava.security.manager=allow is set.
Comments
Discussed with [~mullan]. It's believed unlikely that there is a real use case that calls System::setSecurityManager in JNI code with no caller frame and also sets -Djava.security.manager=allow. Close this issue as WNF.
04-02-2022
System::setSecurityManager was made a caller-sensitive method in JDK 17 for JDK-8268349 to add a warning message that includes the caller class and protection domain.