Withdrawn: 8273660: ObjectInputStream.GetField.get returns null instead of handling ClassNotFoundException
Roger Riggs
rriggs at openjdk.java.net
Mon Nov 15 19:12:42 UTC 2021
On Wed, 20 Oct 2021 21:57:29 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
> The ObjectInputStream.GetField method `get(String name, Object val)` should have been throwing
> a ClassNotFoundException if the class was not found. Instead the implementation was returning null.
> A design error does not allow the `get(String name, Object val)` method to throw CNFE as it should.
> However, an exception must be thrown to prevent invalid data from being returned.
> Wrapping the CNFE in IOException allows it to be thrown and the exception handled.
> The call to `get(String name, Object val)` is always from within a `readObject` method
> so the deserialization logic can catch the IOException and unwrap it to handle the CNFE.
This pull request has been closed without being integrated.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6053
More information about the core-libs-dev
mailing list