stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8264934: Enhance cross VM serialization

Browse Source 
Reviewed-by: smarks, rhalade, chegar
This commit is contained in:
Roger Riggs 2021-06-09 14:29:38 +00:00 committed by Henry Jen
parent 20ef954158
commit feff0e5578
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/java.base/share/classes/java/io/ObjectInputStream.java
View File

@ -1320,6 +1320,8 @@ public class ObjectInputStream
* <li>each object reference previously deserialized from the stream * <li>each object reference previously deserialized from the stream
* (class is {@code null}, arrayLength is -1), * (class is {@code null}, arrayLength is -1),
* <li>each regular class (class is not {@code null}, arrayLength is -1), * <li>each regular class (class is not {@code null}, arrayLength is -1),
* <li>each interface class explicitly referenced in the stream
* (it is not called for interfaces implemented by classes in the stream),
* <li>each interface of a dynamic proxy and the dynamic proxy class itself * <li>each interface of a dynamic proxy and the dynamic proxy class itself
* (class is not {@code null}, arrayLength is -1), * (class is not {@code null}, arrayLength is -1),
* <li>each array is filtered using the array type and length of the array * <li>each array is filtered using the array type and length of the array
@ -2082,6 +2084,30 @@ public class ObjectInputStream
totalObjectRefs++; totalObjectRefs++;
depth++; depth++;
desc.initNonProxy(readDesc, cl, resolveEx, readClassDesc(false)); desc.initNonProxy(readDesc, cl, resolveEx, readClassDesc(false));
if (cl != null) {
// Check that serial filtering has been done on the local class descriptor's superclass,
// in case it does not appear in the stream.
// Find the next super descriptor that has a local class descriptor.
// Descriptors for which there is no local class are ignored.
ObjectStreamClass superLocal = null;
for (ObjectStreamClass sDesc = desc.getSuperDesc(); sDesc != null; sDesc = sDesc.getSuperDesc()) {
if ((superLocal = sDesc.getLocalDesc()) != null) {
break;
}
}
// Scan local descriptor superclasses for a match with the local descriptor of the super found above.
// For each super descriptor before the match, invoke the serial filter on the class.
// The filter is invoked for each class that has not already been filtered
// but would be filtered if the instance had been serialized by this Java runtime.
for (ObjectStreamClass lDesc = desc.getLocalDesc().getSuperDesc();
lDesc != null && lDesc != superLocal;
lDesc = lDesc.getSuperDesc()) {
filterCheck(lDesc.forClass(), -1);
}
}
} finally { } finally {
depth--; depth--;
} }