From ded4c433ac00ba912c8647fc3e503ad984da0f62 Mon Sep 17 00:00:00 2001
From: Sanne Grinovero <sanne@hibernate.org>
Date: Sat, 3 Dec 2022 18:07:28 +0000
Subject: [PATCH] HHH-15808 ByteBuddyProxyFactory#getHibernateProxy is
 triggering type pollution via generic PrivilegedAction

---
 .../pojo/bytebuddy/ByteBuddyProxyFactory.java | 37 ++++++++++++-------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java b/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
index 41183f90de..827860d4aa 100644
--- a/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
+++ b/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
@@ -89,29 +89,38 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
 				overridesEquals
 		);
 
+		final HibernateProxy proxy = getHibernateProxy();
+		( (ProxyConfiguration) proxy ).$$_hibernate_set_interceptor( interceptor );
 
-			final HibernateProxy proxy = getHibernateProxy();
-			( (ProxyConfiguration) proxy ).$$_hibernate_set_interceptor( interceptor );
-
-			return proxy;
+		return proxy;
 
 	}
 
-	private HibernateProxy getHibernateProxy()
+	private HibernateProxy getHibernateProxy() {
+		final PrimeAmongSecondarySupertypes internal = getHibernateProxyInternal();
+		final HibernateProxy hibernateProxy = internal.asHibernateProxy();
+		if ( hibernateProxy == null ) {
+			throw new HibernateException( "Produced proxy does not correctly implement HibernateProxy" );
+		}
+		return hibernateProxy;
+	}
+
+	/**
+	 * This technically returns a HibernateProxy, but declaring that type as the return
+	 * type for the privileged action triggers an implicit case of type pollution.
+	 * We therefore declare it as PrimeAmongSecondarySupertypes, and require the
+	 * invoker to perform the narrowing
+	 */
+	private PrimeAmongSecondarySupertypes getHibernateProxyInternal()
 			throws HibernateException {
 
-		final PrivilegedAction<HibernateProxy> action = new PrivilegedAction<HibernateProxy>() {
+		final PrivilegedAction<PrimeAmongSecondarySupertypes> action = new PrivilegedAction<PrimeAmongSecondarySupertypes>() {
 
 			@Override
-			public HibernateProxy run() {
+			public PrimeAmongSecondarySupertypes run() {
 
 				try {
-					PrimeAmongSecondarySupertypes instance = (PrimeAmongSecondarySupertypes) proxyClass.getConstructor().newInstance();
-					final HibernateProxy hibernateProxy = instance.asHibernateProxy();
-					if ( hibernateProxy == null ) {
-						throw new HibernateException( "Produced proxy does not correctly implement HibernateProxy" );
-					}
-					return hibernateProxy;
+					return (PrimeAmongSecondarySupertypes) proxyClass.getConstructor().newInstance();
 				}
 				catch (NoSuchMethodException e) {
 					String logMessage = LOG.bytecodeEnhancementFailedBecauseOfDefaultConstructor( entityName );
@@ -127,6 +136,6 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
 			}
 		};
 		return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();
-
 	}
+
 }