[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cp-patches] New serialization fix
From: |
Guilhem Lavaux |
Subject: |
[cp-patches] New serialization fix |
Date: |
Fri, 03 Dec 2004 22:58:55 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040804 |
Hi,
It appears that GNU Classpath's ObjectInputStream is not sufficiently
strict. One of kaffe's regression tests fails with the native JNI code
of GNU Classpath. The reason is that kaffe was implementing an internal
check on the invoked constructor: it must exists and not be private. I
haven't yet uploaded a mauve test for it but you can check that the JDK
is doing that by trying TestSerializable2 in kaffe's repository. Here is
a patch to fix it in pure java.
2004-12-03 Guilhem Lavaux <address@hidden>
* java/io/ObjectInputStream.java
(newObject): Check whether the constructor exists and is not
private before invoking it.
Regards,
Guilhem Lavaux.
Index: java/io/ObjectInputStream.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/io/ObjectInputStream.java,v
retrieving revision 1.48
diff -u -r1.48 ObjectInputStream.java
--- java/io/ObjectInputStream.java 6 Nov 2004 14:58:49 -0000 1.48
+++ java/io/ObjectInputStream.java 3 Dec 2004 21:58:14 -0000
@@ -41,12 +41,15 @@
import gnu.classpath.Configuration;
import gnu.java.io.ObjectIdentityWrapper;
+import java.lang.reflect.Constructor;
import java.lang.reflect.Array;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
@@ -1754,11 +1757,35 @@
// returns a new instance of REAL_CLASS that has been constructed
// only to the level of CONSTRUCTOR_CLASS (a super class of REAL_CLASS)
private Object newObject (Class real_class, Class constructor_class)
- throws ClassNotFoundException
+ throws ClassNotFoundException, IOException
{
try
{
Object obj = allocateObject (real_class);
+ final Class local_constructor_class = constructor_class;
+ Constructor void_constructor = (Constructor)
+ AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ try
+ {
+ return local_constructor_class.getDeclaredConstructor(new
Class[0]);
+ }
+ catch (NoSuchMethodException e)
+ {
+ return null;
+ }
+ }
+ });
+
+ if (void_constructor == null)
+ throw new InvalidClassException(constructor_class.getName() + ";
Missing no-arg constructor for class");
+
+ if (Modifier.isPrivate(void_constructor.getModifiers()))
+ throw new InvalidClassException(constructor_class.getName() +
+ "; IllegalAccessException");
+
callConstructor (constructor_class, obj);
return obj;
}