JDK 8 RFR 8016252: More defensive HashSet.readObject
Alan Bateman
Alan.Bateman at oracle.com
Wed Oct 9 10:41:06 UTC 2013
On 08/10/2013 21:50, Brian Burkhalter wrote:
> I have updated the webrev accordingly
>
> http://cr.openjdk.java.net/~bpb/8016252/webrev.3/
This looks good, I think this gets us to where we wanted to be.
> :
>
>> I skimmed over the test but it doesn't appear to exercise anything
>> new. If you want to exercise the checks then it would require
>> deserializing from a byte stream that results in bad loadFactor, size
>> and capacity values. It might not be worth it of course.
>
> No, it does not exercise anything new. I actually did try inserting
> random garbage into the written-out byte stream, but without knowing
> where to do so to affect the fields of interest it is rather useless
> and causes totally unpredictable results. I don't know that this test
> really needs to be included with the patch.
There are tools around for decoding serialization streams and in this
case you need to change the right bytes to exercise the conditions. It's
probably not worth spending too much time on this (there are more
important things to get done before ZBB) so I wouldn't object to just
creating another bug to improve the test coverage for this area and moving on.
-Alan.
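
The approach discussed in this message, changing the right bytes in a serialized HashSet, shown as an added example that is not part of the original e-mail or of the JDK patch. It assumes the layout produced by HashSet.writeObject (one 12-byte block-data record holding capacity, load factor and size right after the class descriptor); the class and helper names are hypothetical.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HashSet;

public class HashSetStreamPatch {
    // TC_ENDBLOCKDATA, TC_NULL (no serializable superclass), TC_BLOCKDATA, length 12:
    // the bytes that precede capacity/loadFactor/size (assumed layout, see lead-in).
    static final byte[] MARKER = {0x78, 0x70, 0x77, 0x0C};

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Offset of the capacity int; loadFactor is at +4 and size at +8.
    static int fieldsOffset(byte[] stream) {
        outer:
        for (int i = 0; i + MARKER.length + 12 <= stream.length; i++) {
            for (int j = 0; j < MARKER.length; j++)
                if (stream[i + j] != MARKER[j]) continue outer;
            return i + MARKER.length;
        }
        throw new IllegalStateException("HashSet block-data record not found");
    }

    static String tryRead(byte[] stream) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            return "accepted: " + in.readObject();
        } catch (InvalidObjectException e) {   // what a defensive readObject should throw
            return "rejected: " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] good = serialize(new HashSet<>(Arrays.asList("x")));  // constructed sample
        int off = fieldsOffset(good);
        System.out.println("unmodified       -> " + tryRead(good));

        byte[] badCapacity = good.clone();
        ByteBuffer.wrap(badCapacity).putInt(off, -1);        // stream is big-endian
        System.out.println("capacity = -1    -> " + tryRead(badCapacity));

        byte[] badLoadFactor = good.clone();
        ByteBuffer.wrap(badLoadFactor).putFloat(off + 4, Float.NaN);
        System.out.println("loadFactor = NaN -> " + tryRead(badLoadFactor));

        byte[] badSize = good.clone();
        ByteBuffer.wrap(badSize).putInt(off + 8, -1);
        System.out.println("size = -1        -> " + tryRead(badSize));
    }
}
```

In a regression test the three patched streams would each be asserted to raise InvalidObjectException, with the unmodified stream as the positive control.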