-
Bug
-
Resolution: Fixed
-
P4
-
1.0.1, 1.4.0
-
None
-
beta
-
generic
-
generic
-
Verified
In order to avoid locking the global ObjectStreamClass lookup table for
potentially long periods of time, ObjectStreamClass currently adds new entries
into the lookup table in two steps: first, (while the table is locked) it
creates a new, mostly-blank class descriptor, and enters it into the table with
the associated class as its key; afterwards (once the table lock has been
released), it performs various reflective operations on the class necessary to
calculate/determine the serialVersionUID, obtain Method objects for
class-defined serialization methods, etc.
While this allows threads to initialize class descriptors without keeping the
table locked, it has an unfortunate side effect--if any fatal errors occur
during the initialization of the class descriptor, the incomplete class
descriptor is left in the lookup table, and may be returned as the value of
subsequent lookups. In particular, this problem can surface when the
associated class cannot be initialized; the resulting NoClassDefFoundError
terminates ObjectStreamClass.init(), but not before the class descriptor has
marked itself as initialized (the attached sample code demonstrates this
problem).
ObjectStreamClass should take steps to ensure that incomplete class descriptors
cannot be returned via lookup, perhaps by not marking them initialized until
init() has terminated.
potentially long periods of time, ObjectStreamClass currently adds new entries
into the lookup table in two steps: first, (while the table is locked) it
creates a new, mostly-blank class descriptor, and enters it into the table with
the associated class as its key; afterwards (once the table lock has been
released), it performs various reflective operations on the class necessary to
calculate/determine the serialVersionUID, obtain Method objects for
class-defined serialization methods, etc.
While this allows threads to initialize class descriptors without keeping the
table locked, it has an unfortunate side effect--if any fatal errors occur
during the initialization of the class descriptor, the incomplete class
descriptor is left in the lookup table, and may be returned as the value of
subsequent lookups. In particular, this problem can surface when the
associated class cannot be initialized; the resulting NoClassDefFoundError
terminates ObjectStreamClass.init(), but not before the class descriptor has
marked itself as initialized (the attached sample code demonstrates this
problem).
ObjectStreamClass should take steps to ensure that incomplete class descriptors
cannot be returned via lookup, perhaps by not marking them initialized until
init() has terminated.