- Bug
- Resolution: Fixed
- P4
- 1.1.6
- b01
- generic
- solaris_2.5
- Verified

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2021376 | 1.2.0 | Joe Fialli | P4 | Resolved | Fixed | 1.2fcs |

Within a Serializable class' customization of the readObject method,
there is a serious bug in serialization if an optional data
object is read before calling defaultReadObject. This bug
can lead to InvalidClassException or ClassCastException being
thrown by defaultReadObject(). A regression test is at the end of this
report.

InvalidClassException is getting thrown at line 119 in ObjectStreamClass.c
because inputClassFields() is called with mismatched parameters.
The ObjectInputStream static currentClass gets out of sync with
the static currentClassDesc and these mismatched parameters get passed
to the native method inputClassFields. The problem disappears
when the Suggested Fix is applied.

joseph.fialli@East 1998-06-23

Regression test: Fails in JDK 1.1, not JDK 1.2.

```java
import java.io.*;

class A implements Serializable {
    String str1 = new String("A");
}

public class OptionalDataFirst implements Serializable {
    transient A transientA;   // not covered by default serialization
    Object a;                 // written and read by the default mechanism

    OptionalDataFirst() {
        a = new A();
        transientA = new A();
    }

    // Writes the optional data object BEFORE the default fields.
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.writeObject(transientA);
        out.defaultWriteObject();
    }

    // Reads the optional data object BEFORE calling defaultReadObject();
    // on an affected JDK the defaultReadObject() call then throws.
    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException
    {
        transientA = (A) in.readObject();
        in.defaultReadObject();
    }

    public static void main(String args[])
        throws IOException, ClassNotFoundException
    {
        // Serialize one instance to an in-memory buffer.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream os = new ObjectOutputStream(baos);
        os.writeObject(new OptionalDataFirst());
        os.close();

        // Deserialize it again; the test passes if no exception is thrown.
        ObjectInputStream in =
            new ObjectInputStream(new ByteArrayInputStream(baos.toByteArray()));
        OptionalDataFirst o = (OptionalDataFirst) in.readObject();
        in.close();
    }
}
```
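
An added example, not part of the original report: a round-trip check that runs the report's read ordering next to a default-fields-first ordering and reports, for each, either the restored state of the transient optional object and the default field or the exception named in the report. The class names `ReadOrderCheck`, `Payload`, `OptionalFirst` and `DefaultFirst` are hypothetical, and the code assumes a current JDK (it uses try-with-resources and multi-catch).

```java
import java.io.*;

public class ReadOrderCheck {
    // Hypothetical helper class; stands in for class A of the report.
    static class Payload implements Serializable { String tag; Payload(String t) { tag = t; } }

    // Same ordering as the report's test: optional data before the default fields.
    static class OptionalFirst implements Serializable {
        transient Payload extra = new Payload("extra");
        Object field = new Payload("field");
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.writeObject(extra);
            out.defaultWriteObject();
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            extra = (Payload) in.readObject();
            in.defaultReadObject();
        }
        public String toString() { return extra.tag + "/" + ((Payload) field).tag; }
    }

    // Comparison case: default fields first, optional data afterwards.
    static class DefaultFirst implements Serializable {
        transient Payload extra = new Payload("extra");
        Object field = new Payload("field");
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
            out.writeObject(extra);
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            extra = (Payload) in.readObject();
        }
        public String toString() { return extra.tag + "/" + ((Payload) field).tag; }
    }

    // Serializes obj to memory, reads it back, and reports the restored state or the failure.
    static String roundTrip(Serializable obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (ObjectOutputStream os = new ObjectOutputStream(baos)) { os.writeObject(obj); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(baos.toByteArray()))) {
            return "restored " + in.readObject();
        } catch (InvalidClassException | ClassCastException e) {
            return "FAILED with " + e;   // the two exceptions the report names
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("OptionalFirst: " + roundTrip(new OptionalFirst()));
        System.out.println("DefaultFirst:  " + roundTrip(new DefaultFirst()));
    }
}
```
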

- backported by: JDK-2021376 exceptions thrown reading optional data object before calling defaultReadObject (Resolved)