RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Daniel Fuchs
daniel.fuchs at oracle.com
Wed Dec 7 20:04:38 UTC 2016
Looks good Roger!
best regards,
-- daniel
On 07/12/16 19:25, Roger Riggs wrote:
> Hi Daniel,
>
> Webrev updated in place:
> http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
>
> Thanks for the suggestion, expanding on the text is a better intro to
> the more detail spec that follows.
>
> I also received a request to give a better description of the depth and
> references values
> in ObjectInputStream.
>
> The changes are in the webrev and below:
>
> diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java
> b/src/java.base/share/classes/java/io/ObjectInputFilter.java
> --- a/src/java.base/share/classes/java/io/ObjectInputFilter.java
> +++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java
> @@ -356,7 +356,9 @@ public interface ObjectInputFilter {
> * @param pattern the pattern string to parse; not null
> * @return a filter to check a class being deserialized;
> * {@code null} if no patterns
> - * @throws IllegalArgumentException If any of the following is
> true:
> + * @throws IllegalArgumentException if the pattern string is
> illegal or
> + * malformed and cannot be parsed.
> + * In particular, if any of the following is true:
> * <ul>
> * <li> if a limit is missing the name or the name is not one of
> * "maxdepth", "maxrefs", "maxbytes", or "maxarray"
> diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
> b/src/java.base/share/classes/java/io/ObjectInputStream.java
> --- a/src/java.base/share/classes/java/io/ObjectInputStream.java
> +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
> @@ -1168,6 +1168,13 @@ public class ObjectInputStream
> * for each class and reference in the stream.
> * The filter can check any or all of the class, the array length,
> the number
> * of references, the depth of the graph, and the size of the input
> stream.
> + * The depth is the number of nested {@linkplain #readObject
> readObject}
> + * calls starting with the reading of the root of the graph being
> deserialized
> + * and the current object being deserialized.
> + * The number of references is the cumulative number of objects and
> references
> + * to objects already read from the stream including the current
> object being read.
> + * The filter is invoked only when reading objects from the stream
> and for
> + * not primitives.
>
>
> Thanks, Roger
>
>
> On 12/7/2016 6:46 AM, Daniel Fuchs wrote:
>> Hi Roger,
>>
>> What about adding a bit of leeway in the reason for which
>> IAE can be thrown. Here is the text from your webrev:
>>
>> 359 * @throws IllegalArgumentException If any of the
>> following is true:
>> 360 * <ul>
>> 361 * <li> if a limit is missing the name or the name is
>> not one of
>> 362 * "maxdepth", "maxrefs", "maxbytes", or "maxarray"
>> 363 * <li> if the value of the limit can not be parsed by
>> 364 * {@link Long#parseLong Long.parseLong} or is
>> negative
>> 365 * <li> if the pattern contains "/" and the module name
>> is missing
>> 366 * or the remaining pattern is empty
>> 367 * <li> if the package is missing for ".*" and ".**"
>> 368 * </ul>
>>
>> could it be amended to something like:
>>
>> @throws IllegalArgumentException if the pattern string is illegal or
>> malformed and cannot be parsed.
>> In particular, an IllegalArgumentException will be thrown
>> if any of the following is true: ...
>>
>> best regards,
>>
>> -- daniel
>>
>>
>> On 06/12/16 22:04, Roger Riggs wrote:
>>> Please review a few additional clarifications to the ObjectInputFilter
>>> specification for generating
>>> a filter from a pattern and use in ObjectInputStream plus related test
>>> updates.
>>>
>>> Webrev:
>>> http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
>>>
>>> Thanks, Roger
>>>
>>
>
More information about the core-libs-dev
mailing list