JDK 8 RFR 8016252: More defensive HashSet.readObject
Brian Burkhalter
brian.burkhalter at oracle.com
Mon Oct 7 17:40:19 UTC 2013
On Oct 3, 2013, at 10:14 PM, Alan Bateman wrote:
> On 03/10/2013 16:17, Brian Burkhalter wrote:
>> Please review and comment at your convenience.
>>
>> Issue: https://bugs.openjdk.java.net/browse/JDK-8016252
>> Webrev: http://cr.openjdk.java.net/~bpb/8016252/
>>
>> Summary
>> * Improve validation checks in HashSet.readObject().
>>
>> Would this change imply updating the serialVersionUID?
>>
> I assume that capacity and loadFactor will be checked when attempting to create the HashMap so I don't think we strictly need the additional checks.
>
> As regards size > capacity, then won't that break things if the loadFactor is high? The size < 0 case seems to be harmless, we'll just end up with an empty Set.
>
> You SVUID shouldn't be updated (the serial form hasn't changed).
I have posted an updated webrev here:
http://cr.openjdk.java.net/~bpb/8016252.2/
I don't know whether it is the correct way to go, but this version attempts to use the capacity, load factor, and size as read in, insofar as they appear reasonable.
Thanks,
Brian
More information about the core-libs-dev
mailing list