< prev index next >
src/share/classes/java/io/ObjectInputStream.java
Print this page
rev 12533 : 8174109: Better queuing priorities
Reviewed-by: smarks
rev 12550 : 8181597: Process Proxy presentation
Reviewed-by: dfuchs, ahgross, rhalade, skoivu
@@ -41,10 +41,11 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import static java.io.ObjectStreamClass.processQueue;
+import sun.misc.SharedSecrets;
import sun.misc.ObjectInputFilter;
import sun.misc.ObjectStreamClassValidator;
import sun.misc.SharedSecrets;
import sun.reflect.misc.ReflectUtil;
import sun.misc.JavaOISAccess;
@@ -252,10 +253,20 @@
}
public ObjectInputFilter getObjectInputFilter(ObjectInputStream stream) {
return stream.getInternalObjectInputFilter();
}
+
+ public void checkArray(ObjectInputStream stream, Class<?> arrayType, int arrayLength)
+ throws InvalidClassException
+ {
+ stream.checkArray(arrayType, arrayLength);
+ }
+
+ public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
+ ois.validator = validator;
+ }
});
}
/*
* Separate class to defer initialization of logging until needed.
@@ -1255,10 +1266,37 @@
}
}
}
/**
+ * Checks the given array type and length to ensure that creation of such
+ * an array is permitted by this ObjectInputStream. The arrayType argument
+ * must represent an actual array type.
+ *
+ * This private method is called via SharedSecrets.
+ *
+ * @param arrayType the array type
+ * @param arrayLength the array length
+ * @throws NullPointerException if arrayType is null
+ * @throws IllegalArgumentException if arrayType isn't actually an array type
+ * @throws NegativeArraySizeException if arrayLength is negative
+ * @throws InvalidClassException if the filter rejects creation
+ */
+ private void checkArray(Class<?> arrayType, int arrayLength) throws InvalidClassException {
+ Objects.requireNonNull(arrayType);
+ if (! arrayType.isArray()) {
+ throw new IllegalArgumentException("not an array type");
+ }
+
+ if (arrayLength < 0) {
+ throw new NegativeArraySizeException();
+ }
+
+ filterCheck(arrayType, arrayLength);
+ }
+
+ /**
* Provide access to the persistent fields read from the input stream.
*/
public static abstract class GetField {
/**
@@ -1744,10 +1782,14 @@
ObjectStreamClass desc = new ObjectStreamClass();
int descHandle = handles.assign(unshared ? unsharedMarker : desc);
passHandle = NULL_HANDLE;
int numIfaces = bin.readInt();
+ if (numIfaces > 65535) {
+ throw new InvalidObjectException("interface limit exceeded: "
+ + numIfaces);
+ }
String[] ifaces = new String[numIfaces];
for (int i = 0; i < numIfaces; i++) {
ifaces[i] = bin.readUTF();
}
@@ -3867,13 +3909,6 @@
}
}
// controlled access to ObjectStreamClassValidator
private volatile ObjectStreamClassValidator validator;
-
- private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
- ois.validator = validator;
- }
- static {
- SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator);
- }
}
< prev index next >