Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8155977

Update ObjectInputStream::resolveClass and resolveProxyClass to work with platform class loader

    XMLWordPrintable

Details

    Description

      The default implementation of ObjectInputStream::resolveClass and resolveProxyClass finds the user-defined class loader on the stack and considered only system classes are loaded by null loader. These methods should be updated to prepare if any system class are defined by the platform class loader and its ancestors instead.

      As JDK modules are deprivileged, classes on the stack defined by the platform class loader should be excluded. As for the implementation, JVM_LatestUserDefinedLoader returns the first non-null class loader on the stack. Walking the stack to find the latest user defined loader is fragile. Serialization and RMI depend on it. It'd be even better if this can be removed.

      Attachments

        Issue Links

          blocks

          Enhancement - null JDK-8154189 Deprivilege java.sql and java.sql.rowset module

          • P3 - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JDK-8169653 Restore ObjectInputStream::resolveClass call stack default search order

          • P2 - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JDK-8208389 OSGi: Invalid secret key format "Unable to read a keystore"

          • P3 - Major loss of function.
          • Closed

          Activity

            People

              mchung Mandy Chung
              mchung Mandy Chung
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: