RFR: 8343250: ArrayBlockingQueue serialization not thread safe
Viktor Klang
vklang at openjdk.org
Mon Nov 11 21:48:03 UTC 2024
On Wed, 30 Oct 2024 08:54:55 GMT, kabutz <duke at openjdk.org> wrote:
> The ArrayBlockingQueue has had a readObject() method since Java 7, which checks invariants of the deserialized object. However, it does not have a writeObject() method. This means that the ArrayBlockingQueue could be modified whilst it is being written, resulting in broken invariants. The readObject() method's invariant checking is not exhaustive, which means that it is possible to end up with ArrayBlockingQueue instances that contain null values, leading to a difference between "size()" and how many objects would be returned with "poll()".
>
> The ABQ should get a writeObject() method that is locking on the same locks as the rest of the class.
@kabutz In case you missed this:
"➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration)."
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21783#issuecomment-2469092130
More information about the core-libs-dev
mailing list