# Thursday, October 17, 2013
« Type Confusion PoC for CVE-2013-3131 (MS... | Main | Java Method Overriding Is FUBAR Part 8 o... »
Java Method Overriding Is FUBAR Part 7 of ∞

My friends at Oracle seem determined to make me finish my infinite series of blog posts of Java method overriding.

Before the 7u45 security update the following (pseudo) code ran fine:

class A {
  final void m() { }
}

class B extends A {
  private void m() { }
}

Now with 7u45, loading class B throws an exception:

java.lang.VerifyError: class B overrides final method m.()V

This makes no sense at all and is a misguided attempt to fix the issue I reported here. Ironically, it doesn't even completely fix the issue, because a static finalize method still prevents the final finalizer from running:

class A {
  protected void finalize() {
    System.out.println("A.finalize");
  }
}

class B extends A {
  public static void main(String[] args) {
    new B();
    System.gc();
    System.runFinalization();
  }

  private static void finalize() { }
}

Pre-emptive comment about comments: Feel free to leave comments, but I'm not going to respond to people that clearly don't have a clue.

Update: I misread the spec. The change is actually in line with the spec. Unfortunately the spec is wrong.

Thursday, October 17, 2013 9:33:48 AM (W. Europe Daylight Time, UTC+02:00)  #    Comments [8]