RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Roger Riggs
Roger.Riggs at Oracle.com
Wed Dec 7 19:25:45 UTC 2016
Hi Daniel,
Webrev updated in place:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks for the suggestion, expanding on the text is a better intro to
the more detail spec that follows.
I also received a request to give a better description of the depth and
references values
in ObjectInputStream.
The changes are in the webrev and below:
diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java
b/src/java.base/share/classes/java/io/ObjectInputFilter.java
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java
@@ -356,7 +356,9 @@ public interface ObjectInputFilter {
* @param pattern the pattern string to parse; not null
* @return a filter to check a class being deserialized;
* {@code null} if no patterns
- * @throws IllegalArgumentException If any of the following is
true:
+ * @throws IllegalArgumentException if the pattern string is
illegal or
+ * malformed and cannot be parsed.
+ * In particular, if any of the following is true:
* <ul>
* <li> if a limit is missing the name or the name is not one of
* "maxdepth", "maxrefs", "maxbytes", or "maxarray"
diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
b/src/java.base/share/classes/java/io/ObjectInputStream.java
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -1168,6 +1168,13 @@ public class ObjectInputStream
* for each class and reference in the stream.
* The filter can check any or all of the class, the array length,
the number
* of references, the depth of the graph, and the size of the
input stream.
+ * The depth is the number of nested {@linkplain #readObject
readObject}
+ * calls starting with the reading of the root of the graph being
deserialized
+ * and the current object being deserialized.
+ * The number of references is the cumulative number of objects and
references
+ * to objects already read from the stream including the current
object being read.
+ * The filter is invoked only when reading objects from the stream
and for
+ * not primitives.
Thanks, Roger
On 12/7/2016 6:46 AM, Daniel Fuchs wrote:
> Hi Roger,
>
> What about adding a bit of leeway in the reason for which
> IAE can be thrown. Here is the text from your webrev:
>
> 359 * @throws IllegalArgumentException If any of the
> following is true:
> 360 * <ul>
> 361 * <li> if a limit is missing the name or the name is
> not one of
> 362 * "maxdepth", "maxrefs", "maxbytes", or "maxarray"
> 363 * <li> if the value of the limit can not be parsed by
> 364 * {@link Long#parseLong Long.parseLong} or is
> negative
> 365 * <li> if the pattern contains "/" and the module name
> is missing
> 366 * or the remaining pattern is empty
> 367 * <li> if the package is missing for ".*" and ".**"
> 368 * </ul>
>
> could it be amended to something like:
>
> @throws IllegalArgumentException if the pattern string is illegal or
> malformed and cannot be parsed.
> In particular, an IllegalArgumentException will be thrown
> if any of the following is true: ...
>
> best regards,
>
> -- daniel
>
>
> On 06/12/16 22:04, Roger Riggs wrote:
>> Please review a few additional clarifications to the ObjectInputFilter
>> specification for generating
>> a filter from a pattern and use in ObjectInputStream plus related test
>> updates.
>>
>> Webrev:
>> http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
>>
>> Thanks, Roger
>>
>
More information about the core-libs-dev
mailing list