Integrated: 8280642: ObjectInputStream.readObject should throw InvalidClassException instead of IllegalAccessError
Roger Riggs
rriggs at openjdk.java.net
Tue Feb 1 20:16:13 UTC 2022
On Fri, 28 Jan 2022 21:02:23 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
> During deserialization of a serialized data stream that contains a proxy descriptor with non-public interfaces,
> `java.io.ObjectInputStream` checks that the interfaces can be loaded from a single classloader in `ObjectInputStream.resolveProxyClass`.
> If the interfaces cannot be loaded from a single classloader, an `IllegalAccessError` is thrown.
> When `ObjectInputStream.readObject` encounters this case, it reflects an incompatibility
> between the classloaders of the source of the serialized stream and the classloader being used for deserialization.
> When a proxy object cannot be created from the interfaces, `ObjectInputStream.readObject` should catch
> the `InvalidAccessError` and throw `InvalidObjectException` with the `InvalidAccessError` as the cause.
> This allows the application to handle the exception consistently with other errors during deserialization.
This pull request has now been integrated.
Changeset: fdd9ca74
Author: Roger Riggs <rriggs at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/fdd9ca74bd6ca87c30be2bcdcfd22e19b7687a5a
Stats: 13 lines in 2 files changed: 5 ins; 0 del; 8 mod
8280642: ObjectInputStream.readObject should throw InvalidClassException instead of IllegalAccessError
Reviewed-by: naoto, mchung
-------------
PR: https://git.openjdk.java.net/jdk/pull/7274
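
An added example, not part of the original message or of the JDK change: one handler for all rejected streams, which the proxy-interface case described above reaches once it is reported as an `ObjectStreamException` subclass (both `InvalidClassException` and `InvalidObjectException` are) rather than as an `Error`. The names `DeserializeHandlingDemo`, `Point` and `readUntrusted` are hypothetical, and the bad stream is constructed here by corrupting a `serialVersionUID`, a different failure that reaches the same catch block.

```java
import java.io.*;

public class DeserializeHandlingDemo {
    // Constructed sample type for this example only.
    static class Point implements Serializable {
        private static final long serialVersionUID = 1L;
        int x = 3, y = 4;
    }

    /** Returns the deserialized object, or null when the stream is rejected. */
    static Object readUntrusted(byte[] data) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        } catch (ObjectStreamException e) {
            // InvalidClassException and InvalidObjectException both land here.
            System.out.println("rejected stream: " + e);
            return null;
        } catch (IOException | ClassNotFoundException e) {
            System.out.println("unreadable stream: " + e);
            return null;
        }
        // No catch of Error on purpose: an IllegalAccessError escaping
        // readObject would bypass both handlers above and unwind the caller.
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Point());
        }
        byte[] good = buf.toByteArray();

        // Constructed bad input: flip one bit of the serialVersionUID stored in
        // the class descriptor. Layout: stream header (4 bytes), TC_OBJECT (1),
        // TC_CLASSDESC (1), class-name length (2), class name, then 8-byte SUID.
        byte[] bad = good.clone();
        int suidOffset = 8 + Point.class.getName().length();
        bad[suidOffset + 7] ^= 1;

        System.out.println("good accepted: " + (readUntrusted(good) != null));
        System.out.println("bad accepted:  " + (readUntrusted(bad) != null));
    }
}
```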