1 /*
2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
27
28 import java.io.ObjectStreamClass.WeakClassKey;
29 import java.lang.System.Logger;
30 import java.lang.ref.ReferenceQueue;
31 import java.lang.reflect.Array;
32 import java.lang.reflect.Modifier;
33 import java.lang.reflect.Proxy;
34 import java.security.AccessControlContext;
35 import java.security.AccessController;
36 import java.security.PrivilegedAction;
37 import java.security.PrivilegedActionException;
38 import java.security.PrivilegedExceptionAction;
39 import java.util.Arrays;
40 import java.util.Map;
41 import java.util.Objects;
42 import java.util.concurrent.ConcurrentHashMap;
43 import java.util.concurrent.ConcurrentMap;
44
45 import static java.io.ObjectStreamClass.processQueue;
46
47 import jdk.internal.misc.SharedSecrets;
48 import jdk.internal.misc.Unsafe;
49 import sun.reflect.misc.ReflectUtil;
50
51 /**
52 * An ObjectInputStream deserializes primitive data and objects previously
53 * written using an ObjectOutputStream.
54 *
55 * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous
56 * and should be avoided. Untrusted data should be carefully validated according to the
57 * "Serialization and Deserialization" section of the
58 * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}.
59 * {@extLink serialization_filter_guide Serialization Filtering} describes best
60 * practices for defensive use of serial filters.
61 * </strong></p>
62 *
63 * <p>ObjectOutputStream and ObjectInputStream can provide an application with
64 * persistent storage for graphs of objects when used with a FileOutputStream
65 * and FileInputStream respectively. ObjectInputStream is used to recover
66 * those objects previously serialized. Other uses include passing objects
67 * between hosts using a socket stream or for marshaling and unmarshaling
|
1 /*
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
27
28 import java.io.ObjectStreamClass.WeakClassKey;
29 import java.lang.System.Logger;
30 import java.lang.ref.ReferenceQueue;
31 import java.lang.reflect.Array;
32 import java.lang.reflect.Modifier;
33 import java.lang.reflect.Proxy;
34 import java.security.AccessControlContext;
35 import java.security.AccessController;
36 import java.security.PrivilegedAction;
37 import java.security.PrivilegedActionException;
38 import java.security.PrivilegedExceptionAction;
39 import java.util.Arrays;
40 import java.util.Map;
41 import java.util.Objects;
42 import java.util.concurrent.ConcurrentHashMap;
43 import java.util.concurrent.ConcurrentMap;
44
45 import static java.io.ObjectStreamClass.processQueue;
46
47 import jdk.internal.access.SharedSecrets;
48 import jdk.internal.misc.Unsafe;
49 import sun.reflect.misc.ReflectUtil;
50
51 /**
52 * An ObjectInputStream deserializes primitive data and objects previously
53 * written using an ObjectOutputStream.
54 *
55 * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous
56 * and should be avoided. Untrusted data should be carefully validated according to the
57 * "Serialization and Deserialization" section of the
58 * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}.
59 * {@extLink serialization_filter_guide Serialization Filtering} describes best
60 * practices for defensive use of serial filters.
61 * </strong></p>
62 *
63 * <p>ObjectOutputStream and ObjectInputStream can provide an application with
64 * persistent storage for graphs of objects when used with a FileOutputStream
65 * and FileInputStream respectively. ObjectInputStream is used to recover
66 * those objects previously serialized. Other uses include passing objects
67 * between hosts using a socket stream or for marshaling and unmarshaling
|