[jdk17u] RFR: 8277093: Vector should throw ClassNotFoundException for a missing class of an element [v2]

Stuart Marks smarks at openjdk.java.net
Sat Nov 20 04:46:22 UTC 2021


On Thu, 18 Nov 2021 15:46:23 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

>> Java.util.Vector reports a StreamCorruptedException instead of ClassNotFoundException due to the incorrect handling of a missing class by ObjectInputStream.GetField.get(name, val). (See JDK-8273660)
>> 
>> Vector checks the deserialized 'data' field for null and throws StreamCorruptedException.
>> The null can be a reflection of more than one condition, including the field is null, the field is not present in the stream, and the field is null because one of the array elements could not be deserialized due to a missing class. 
>> 
>> The CSR includes a detailed description: JDK-8277153
>> 
>> This fix is targeted at JDK 17 and earlier versions.
>> For the JDK project (current) the underlying API and behavior is corrected to correctly throw and handle the ClassNotFoundException.  
>> See [JDK-8276665: ObjectInputStream.GetField.get(name, object) should throw ClassNotFoundException](https://bugs.openjdk.java.net/browse/JDK-8276665)
>
> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Improve comments requested in reviews.

Marked as reviewed by smarks (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk17u/pull/279


More information about the jdk-updates-dev mailing list