Currently I am working on a project that deals with byte-code analysis. I came across the code:
char[] buff = new char[1];
//some code tainting the buff
return (new String(buff));
In the byte code I found the relevant mapping of new String(buff) to be Ljava/lang/StringValue.cache. Can any of you guys explain where this cache field comes into the scenario?
It is from JDK 1.6, StringValue. According to the description, "This class consists exclusively of static methods that operate on character arrays used by Strings for storing the value."
Can anyone shed light on this? What is its purpose actually? What I think is that it is mostly because of the character buffer they used, which is passed to the string as an argument. This class is not modifying the contents of the buffer; rather, I think it is just a gateway to illustrate that the content of the buffer is only for initializing a string.
That shouldn't really be possible. Here's what the sequence you posted looks like after compilation by a recent Javac.
iconst_1
newarray char
astore_1
new java/lang/String
dup
aload_1
invokespecial java/lang/String <init> ([C)V
areturn
Furthermore, java/lang/StringValue doesn't even exist, at least as of jre1.7.0_17. Furthermore, the presence of a period indicates it's probably one of Jasmin's merged class/method tokens, in which case it's actually referring to a class in the Ljava package, whatever that's supposed to be.
There are two main possibilities - either a broken compiler or a broken disassembler. If you post the classfile here, we can at least figure out which of those is the case.
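One way to settle the compiler-versus-disassembler question from the answer above is to read the class file's constant pool directly and list the field and method references it really contains, without going through any disassembler. This is an added example, not code from either poster; `member_refs`, `_utf8` and `SAMPLE` (a constructed header plus constant pool, not a complete class file) are names and data assumed for illustration.

```python
import struct

# Payload bytes after the tag for each fixed-width constant (JVM spec, section 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
KIND = {9: "field", 10: "method", 11: "interface-method"}

def member_refs(data):
    """Return [(kind, owner, name, descriptor)] for every member reference."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pool, pos, idx = {}, 10, 1
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:                      # Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            pool[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag == 7:                  # Class -> name index
                pool[idx] = (tag,) + struct.unpack_from(">H", data, pos)
            elif tag in (9, 10, 11, 12):  # member refs and NameAndType
                pool[idx] = (tag,) + struct.unpack_from(">HH", data, pos)
            pos += FIXED[tag]
            if tag in (5, 6):             # long/double occupy two slots
                idx += 1
        else:
            raise ValueError(f"unknown constant tag {tag} at index {idx}")
        idx += 1
    refs = []
    for entry in pool.values():
        if isinstance(entry, tuple) and entry[0] in KIND:
            tag, class_i, nat_i = entry
            _, name_i, desc_i = pool[nat_i]
            refs.append((KIND[tag], pool[pool[class_i][1]], pool[name_i], pool[desc_i]))
    return refs

def _utf8(text):
    raw = text.encode()
    return b"\x01" + struct.pack(">H", len(raw)) + raw

# Constructed sample: class-file header plus constant pool only (6 entries).
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 50, 7)
          + _utf8("java/lang/String") + b"\x07" + struct.pack(">H", 1)
          + _utf8("<init>") + _utf8("([C)V")
          + b"\x0c" + struct.pack(">HH", 3, 4)    # NameAndType <init>:([C)V
          + b"\x0a" + struct.pack(">HH", 2, 5))   # Methodref String.<init>
```

Run against the real class file's bytes, an owner of `java/lang/StringValue` in the returned list would point at the compiler; its absence would point at the disassembler's output.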