OpenJDK / jdk8u / monojdk8u

changeset 48799:77ccfc2d7c3c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8264934: Enhance cross VM serialization Reviewed-by: rriggs, andrew
author mbalao
date Tue, 05 Oct 2021 13:42:21 +0000
parents 3a58399a0de6
children d2dfd71b99fd
files jdk/src/share/classes/java/io/ObjectInputStream.java
diffstat 1 files changed, 26 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java	Tue Dec 14 00:52:18 2021 +0000
+++ b/jdk/src/share/classes/java/io/ObjectInputStream.java	Tue Oct 05 13:42:21 2021 +0000
@@ -1244,6 +1244,8 @@
      *     <li>each object reference previously deserialized from the stream
      *     (class is {@code null}, arrayLength is -1),
      *     <li>each regular class (class is not {@code null}, arrayLength is -1),
+     *     <li>each interface class explicitly referenced in the stream
+     *         (it is not called for interfaces implemented by classes in the stream),
      *     <li>each interface of a dynamic proxy and the dynamic proxy class itself
      *     (class is not {@code null}, arrayLength is -1),
      *     <li>each array is filtered using the array type and length of the array
@@ -2001,6 +2003,30 @@
             totalObjectRefs++;
             depth++;
             desc.initNonProxy(readDesc, cl, resolveEx, readClassDesc(false));
+
+            if (cl != null) {
+                // Check that serial filtering has been done on the local class descriptor's superclass,
+                // in case it does not appear in the stream.
+
+                // Find the next super descriptor that has a local class descriptor.
+                // Descriptors for which there is no local class are ignored.
+                ObjectStreamClass superLocal = null;
+                for (ObjectStreamClass sDesc = desc.getSuperDesc(); sDesc != null; sDesc = sDesc.getSuperDesc()) {
+                    if ((superLocal = sDesc.getLocalDesc()) != null) {
+                        break;
+                    }
+                }
+
+                // Scan local descriptor superclasses for a match with the local descriptor of the super found above.
+                // For each super descriptor before the match, invoke the serial filter on the class.
+                // The filter is invoked for each class that has not already been filtered
+                // but would be filtered if the instance had been serialized by this Java runtime.
+                for (ObjectStreamClass lDesc = desc.getLocalDesc().getSuperDesc();
+                     lDesc != null && lDesc != superLocal;
+                     lDesc = lDesc.getSuperDesc()) {
+                    filterCheck(lDesc.forClass(), -1);
+                }
+            }
         } finally {
             depth--;
         }
© 2007, Oracle and/or its affiliates
Terms of Use · Privacy · Trademarks