Review Request JDK-8155977: Update ObjectInputStream::resolveClass and resolveProxyClass to work with platform class loader
Karen Kinnear
karen.kinnear at oracle.com
Wed May 4 20:31:57 UTC 2016
For the record, I reviewed the jvm changes and they look good.
thanks,
Karen
> On May 4, 2016, at 3:29 PM, Mandy Chung <mandy.chung at oracle.com> wrote:
>
> The default implementation of ObjectInputStream::resolveClass and resolveProxyClass finds the user-defined class loader on the stack and assumes that only system classes are loaded by null loader. As JDK modules are deprivileged, classes on the stack defined by the platform class loader.
>
> These methods should be updated to prepare if any system classes are defined by the platform class loader and its ancestors instead.
>
> As for the implementation, I fix JVM_LatestUserDefinedLoader to return the first non-null class loader on the stack that is not the platform class loader. This is so fragile and would be really nice if this could go away while the past work shows that it’s unlikely - Alan may say more on this. If this stays, I’d like this to be replaced with StackWalker API and remove such built-in logic in the VM in the future.
>
> Webrev:
> http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8155977/webrev.00/
>
> Mandy
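
The loader-selection rule described in the quoted message, written against the StackWalker API it mentions, as an added illustration that is not code from the webrev or the JDK. The class and method names (`LatestUserLoader`, `platformChain`, `latestUserDefinedLoader`) are hypothetical, and the sketch assumes Java 9 or later.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Illustration only: hypothetical names, not the JDK's implementation.
public class LatestUserLoader {
    // RETAIN_CLASS_REFERENCE is required for StackFrame.getDeclaringClass().
    private static final StackWalker WALKER =
        StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

    // The platform class loader and its ancestors, compared by identity.
    static Set<ClassLoader> platformChain() {
        Set<ClassLoader> chain =
            Collections.newSetFromMap(new IdentityHashMap<>());
        for (ClassLoader cl = ClassLoader.getPlatformClassLoader();
             cl != null; cl = cl.getParent()) {
            chain.add(cl);
        }
        return chain;
    }

    // Returns the loader of the nearest caller frame whose class was defined
    // by neither the null (boot) loader nor the platform loader chain, or
    // null when every frame belongs to a system class.
    static ClassLoader latestUserDefinedLoader() {
        Set<ClassLoader> platform = platformChain();
        return WALKER.walk(frames -> frames
            .skip(1)  // ignore this helper's own frame
            .map(StackWalker.StackFrame::getDeclaringClass)
            .map(Class::getClassLoader)
            .filter(cl -> cl != null && !platform.contains(cl))
            .findFirst()
            .orElse(null));
    }

    public static void main(String[] args) {
        // java.sql is a deprivileged JDK module: its classes have a non-null
        // loader, so a "null loader means system class" test misjudges them.
        ClassLoader sqlLoader = java.sql.Timestamp.class.getClassLoader();
        System.out.println("java.sql.Timestamp loader: " + sqlLoader);
        System.out.println("treated as system class:   "
            + (sqlLoader == null || platformChain().contains(sqlLoader)));
        // The frame of main() is the first one that passes the filter.
        System.out.println("latest user-defined loader: "
            + latestUserDefinedLoader());
    }
}
```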