Code review request for 6990094 "ObjectInputStream cloneArray doesn't handle short[]"
Rémi Forax
forax at univ-mlv.fr
Mon Dec 6 17:15:39 UTC 2010
On 12/06/2010 05:03 PM, Peter Jones wrote:
> On Mon, Dec 6, 2010 at 2:35 AM, Joe Darcy<joe.darcy at oracle.com> wrote:
>> Off-list, Alan found a related closed test and Stuart and I have
>> developed an explicit test that tickles this bug:
>>
>> http://cr.openjdk.java.net/~darcy/6990094.1/
> Looks good to me.
>
> On Mon, Dec 6, 2010 at 3:10 AM, Rémi Forax<forax at univ-mlv.fr> wrote:
>> Hi Joe,
>> In the test, I don't see why the replacement field has to be static in
>> Resolver.
>> In my opinion, a private final field is sufficient.
> I don't know on what instance you would set such an instance field, to
> control the exact reference returned by invoking readUnshared on a
> deserialized instance. The attack scenario addressed by the original
> bug fix would likely use a static field similarly.
>
> -- Peter
I mean create two instances sharing the same replacement Object.
import java.io.*;
public class ReadUnsharedTest {
    static class Resolver implements Serializable {
        private final Object replacement;
        public Resolver(Object o) {
            this.replacement = o; // store the constructor argument, not the field itself
        }
        private Object readResolve() throws ObjectStreamException {
            return replacement;
        }
    }
    private static void test(Object replacement)
            throws IOException, ClassNotFoundException {
        byte[] bytes;
        try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
            try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
                // two Resolvers sharing one replacement object
                oos.writeObject(new Resolver(replacement));
                oos.writeObject(new Resolver(replacement));
            }
            bytes = baos.toByteArray();
        }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            Object first = ois.readUnshared();
            Object second = ois.readUnshared();
            if (first == second)
                throw new AssertionError("readUnshared returned the same reference twice");
        }
    }
    public static void main(String[] args) throws Exception {
        test(new short[] {1, 2, 3});
    }
}
Rémi
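An added example, not part of this message, the linked test, or the JDK's own code: a defensive copy routine over every array element kind, including short[], which the bug title says cloneArray did not handle, together with a check that each copy is a distinct reference holding the same elements. The class and method names (ArrayCopyCheck, copyOfArray, isIndependentCopy) are this example's own and are not the JDK's private cloneArray.

```java
import java.lang.reflect.Array;

public class ArrayCopyCheck {

    // Defensive copy covering every array kind. Name and shape are assumptions
    // for this example; the JDK's cloneArray is private and is not shown here.
    static Object copyOfArray(Object array) {
        if (array instanceof Object[])  return ((Object[]) array).clone();
        if (array instanceof boolean[]) return ((boolean[]) array).clone();
        if (array instanceof byte[])    return ((byte[]) array).clone();
        if (array instanceof char[])    return ((char[]) array).clone();
        if (array instanceof short[])   return ((short[]) array).clone(); // the kind the bug title says was missing
        if (array instanceof int[])     return ((int[]) array).clone();
        if (array instanceof long[])    return ((long[]) array).clone();
        if (array instanceof float[])   return ((float[]) array).clone();
        if (array instanceof double[])  return ((double[]) array).clone();
        throw new IllegalArgumentException("not an array: " + array);
    }

    // True when copy is a different object with the same length and elements.
    // Reflection lets one check serve every element type (primitives are boxed).
    static boolean isIndependentCopy(Object original, Object copy) {
        if (original == copy) return false;
        int n = Array.getLength(original);
        if (Array.getLength(copy) != n) return false;
        for (int i = 0; i < n; i++) {
            if (!Array.get(original, i).equals(Array.get(copy, i))) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample arrays, one per element kind.
        Object[] samples = {
            new Object[] {"a", "b"}, new boolean[] {true}, new byte[] {1},
            new char[] {'x'}, new short[] {1, 2, 3}, new int[] {4},
            new long[] {5L}, new float[] {6f}, new double[] {7d}
        };
        for (Object sample : samples) {
            Object copy = copyOfArray(sample);
            if (!isIndependentCopy(sample, copy)) {
                throw new AssertionError("shared or unequal copy for "
                        + sample.getClass().getSimpleName());
            }
        }
        // The property the copy exists to guarantee: writing through one
        // reference must not be visible through the other.
        short[] shared = {1, 2, 3};
        short[] copy = (short[]) copyOfArray(shared);
        copy[0] = 99;
        if (shared[0] != 1) throw new AssertionError("copy aliases the original");
        System.out.println("all array kinds copied independently");
    }
}
```

The last few lines are the point of the thread: if one element kind falls through the chain of instanceof checks, the caller of readUnshared either gets an error or the very array another deserialized object also holds, so a mutation through one result silently changes the other.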