RFR: 8331224: ClassCastException in ObjectInputStream hides ClassNotFoundException [v2]

Roger Riggs rriggs at openjdk.org
Fri May 17 18:09:18 UTC 2024


> The issue reported a ClassCastException "cannot assign instance of java.util.CollSer to field of type java.util.Map"
> while deserializing an object referring to an immutable Map that contained a reference to a class that was not available.
> Immutable Collections such as Map utilize a serialization proxy in their serialized form.
> During deserialization the serialization proxy (a private implementation class) was attempted to be set in a field resulting in the ClassCastException. The ClassCastException and bug hid the ClassCastException that should have been thrown.
> 
> When reading record fields or fields of a class, the results of deserialization of individual fields are recorded as dependencies of the object being constructed.
> The apparent bug is that the summary of those dependencies is not checked between reading the fields and invoking the constructor to create the record or assigning the fields to an object being constructed.

Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:

  Add description of exception behavior when reading components in readRecord()

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/19043/files
  - new: https://git.openjdk.org/jdk/pull/19043/files/cb9cad62..d2f1db96

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=19043&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=19043&range=00-01

  Stats: 7 lines in 1 file changed: 6 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/19043.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/19043/head:pull/19043

PR: https://git.openjdk.org/jdk/pull/19043


More information about the core-libs-dev mailing list