RFR: 8280642: IllegalAccessError thrown by ObjectInputStream.resolveProxyClass is not handled [v2]
Roger Riggs
rriggs at openjdk.java.net
Mon Jan 31 21:32:10 UTC 2022
On Mon, 31 Jan 2022 20:01:39 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> During deserialization of a serialized data stream that contains a proxy descriptor with non-public interfaces
>> `java.io.ObjectInputStream` checks that the interfaces can be loaded from a single classloader in `ObjectInputStream.resolveProxyClass`.
>> If the interfaces cannot be loaded from a single classloader, an `IllegalAccessError` is thrown.
>> When `ObjectInputStream.readObject` encounters this case, it reflects an incompatibility
>> between the classloaders of the source of the serialized stream and the classloader being used for deserialization.
>> When a proxy object cannot be created from the interfaces, `ObjectInputStream.readObject` should catch
>> the `InvalidAccessError` and throw `InvalidObjectException` with the `InvalidAccessError` as the cause.
>> This allows the application to handle the exception consistently with other errors during deserialization.
>
> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
>
> Review feedback recommends using InvalidClassException
The CSR has been updated to reflect the use of InvalidClassException, please review.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7274
More information about the core-libs-dev
mailing list