[jdk17u] RFR: 8277093: Vector should throw ClassNotFoundException for a missing class of an element

[Stuart Marks]

On Wed, 17 Nov 2021 14:37:14 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

> Java.util.Vector reports a StreamCorruptedException instead of ClassNotFoundException due to the incorrect handling of a missing class by ObjectInputStream.GetField.get(name, val). (See JDK-8273660)
> 
> Vector checks the deserialized 'data' field for null and throws StreamCorruptedException.
> The null can be a reflection of more than one condition, including the field is null, the field is not present in the stream, and the field is null because one of the array elements could not be deserialized due to a missing class. 
> 
> The CSR includes a detailed description: JDK-8277153
> 
> This fix is targeted at JDK 17 and earlier versions.
> For the JDK project (current) the underlying API and behavior is corrected to correctly throw and handle the ClassNotFoundException.  
> See [JDK-8276665: ObjectInputStream.GetField.get(name, object) should throw ClassNotFoundException](https://bugs.openjdk.java.net/browse/JDK-8276665)

src/java.base/share/classes/java/util/Vector.java line 1162:

> 1160:         Object[] data = (Object[])gfields.get("elementData", null);
> 1161:         if (data == null && !gfields.defaulted("elementData") && count > 0) {
> 1162:             // Null or null because of CNFE on one of the contents; Issue: 8276665

I'm not sure what "null or null" means.

test/jdk/java/util/Vector/VectorElementCNFE.java line 97:

> 95: 
> 96:         // Modify the byte stream to change the classname to be deserialized to
> 97:         // XectorElementCNFE$Role.

This doesn't change the classname, does it? It looks like it changes the name of the "elementData" field to "XlementData".

-------------

PR: https://git.openjdk.java.net/jdk17u/pull/279