-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P3
-
Affects Version/s: 21
-
Component/s: core-libs
`ObjectInputStream::readObject()` now throws a `StreamCorruptedException` instead of a `NegativeArraySizeException` when reading an array with a negative array size from a corrupted object input stream. Collection classes with a custom `readObject()` method which previously threw a `NegativeArraySizeException` when the number of their elements read from the deserialization stream was negative will now throw a `StreamCorruptedException` instead.
- relates to
-
JDK-8306744 ObjectInputStream::readObject() should handle negative array sizes without throwing NegativeArraySizeExceptions
-
- Closed
-