JDK 8 RFR 8016252: More defensive HashSet.readObject
Alan Bateman
Alan.Bateman at oracle.com
Tue Oct 8 09:14:21 UTC 2013
On 07/10/2013 22:03, Brian Burkhalter wrote:
> On Oct 7, 2013, at 1:43 PM, Brian Burkhalter wrote:
>
>> On second thought an exception really should be thrown on negative size; will update.
> http://cr.openjdk.java.net/~bpb/8016252.2/ updated including a not-very-exciting and perhaps unnecessary test.
>
> Brian
This looks better, the checks on loadFactor and size look okay.
I don't know all the history on this bug but it looks like the goal was
partly to avoid resizing when deserializing. This means the capacity
could match HashMap. To be consistent with the size check then we could
throw an exception if the capacity is negative (interesting case for
tests and malware only).
I skimmed over the test but it doesn't appear to exercise anything new.
If you want to exercise the checks then it would require deserializing
from a byte stream that results in bad loadFactor, size and capacity
values. It might not be worth it of course.
-Alan
More information about the core-libs-dev
mailing list