Jeroen Frijters wrote:
Guilhem Lavaux wrote:
It appears that GNU Classpath's ObjectInputStream is not sufficiently
strict.
I agree.
Here is a patch to fix it in pure java.
It's not a good idea to re-introduce reflection into the per-object path
of serialization. That slows it down enormously.
Yes, I agree. I was just proposing the least modification patch. ;)
Actually I would have done all in native but JNI is not handy to just
check a modifier.
I'd like to propose something like the attached patch. It removes the
need to the constructor lookuk for every object.
The patch doesn't include the native side, because I haven't written
that (don't need it for IKVM) but I'm happy to write it if someone else
will test it.
I've written the native part. However to restrict the use of JNI code I
have added a new parameter which also passes the declaring class of the
constructor to the native function. It is used to call
CallNonvirtualMethodXX. Here is the new complete patch.
Thanks,
Regards,
Guilhem.