diff --git a/test/java/io/Serializable/6559775/README b/test/java/io/Serializable/6559775/README deleted file mode 100644 index c7a4a9ffe25d958c92c2dc0e11d35d5fe9ef3940..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6559775/README +++ /dev/null @@ -1,29 +0,0 @@ -The testcase works well on dual core machines. -The below output indicates a successful fix: - -Exception in thread "Thread-0" java.lang.NullPointerException - at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:476) - at SerialRace$1.run(SerialRace.java:33) - at java.lang.Thread.run(Thread.java:595) - - -When the vulnerability exists, the output of the tescase is something like this: -Available processors: 2 -Iteration 1 -java.io.NotActiveException: not in readObject invocation or fields already read - at java.io.ObjectInputStream$CallbackContext.checkAndSetUsed(ObjectInputStream.java:3437) - at java.io.ObjectInputStream$CallbackContext.getObj(ObjectInputStream.java:3427) - at java.io.ObjectInputStream.readFields(ObjectInputStream.java:514) - at SerialVictim.readObject(SerialVictim.java:19) - at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) - at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) - at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) - at java.lang.reflect.Method.invoke(Method.java:585) - at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:946) - at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1809) - at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719) - at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305) - at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348) - at SerialRace.main(SerialRace.java:65) -Victim: ? -Victim: $ diff --git a/test/java/io/Serializable/6559775/SerialRace.java b/test/java/io/Serializable/6559775/SerialRace.java deleted file mode 100644 index 2d4df6a0218e57e3d179dafedc079deb273e8e85..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6559775/SerialRace.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * @test %W% %E% - * @bug 6559775 - * @summary Race allows defaultReadObject to be invoked instead of readFields during deserialization - * @run shell Test6559775.sh -*/ - -import java.io.*; - -public class SerialRace { - public static void main(String[] args) throws Exception { - System.err.println( - "Available processors: "+ - Runtime.getRuntime().availableProcessors() - ); - - final int perStream = 10000; - - // Construct attack data. - ByteArrayOutputStream byteOut = new ByteArrayOutputStream(); - { - ObjectOutputStream out = new ObjectOutputStream(byteOut); - char[] value = new char[] { '?' }; - out.writeObject(value); - for (int i=0; i test.out 2>&1 - -cat test.out - -STATUS=0 - -egrep "java.io.NotActiveException|not in readObject invocation or fields already read|^Victim" test.out - -if [ $? = 0 ] -then - STATUS=1 -else - grep "java.lang.NullPointerException" test.out - - if [ $? != 0 ]; then - STATUS=1 - fi -fi - -exit $STATUS diff --git a/test/java/io/Serializable/6966692/Attack.java b/test/java/io/Serializable/6966692/Attack.java deleted file mode 100644 index 9a408b20d4eb7525bad6084a4060e0cb588004d5..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6966692/Attack.java +++ /dev/null @@ -1,34 +0,0 @@ -/* - * @test - * @bug 6966692 - * @summary defaultReadObject can set a field multiple times - * @run shell Test6966692.sh -*/ - -import java.io.*; - -public class Attack { - public static void main(String[] args) throws Exception { - attack(setup()); - } - /** Returned data has Victim with two aaaa fields. */ - private static byte[] setup() throws Exception { - Victim victim = new Victim(); - ByteArrayOutputStream byteOut = new ByteArrayOutputStream(); - ObjectOutputStream out = new ObjectOutputStream(byteOut); - out.writeObject(victim); - out.close(); - byte[] data = byteOut.toByteArray(); - String str = new String(data, 0); // hibyte is 0 - str = str.replaceAll("bbbb", "aaaa"); - str.getBytes(0, data.length, data, 0); // ignore hibyte - return data; - } - private static void attack(byte[] data) throws Exception { - ObjectInputStream in = new ObjectInputStream( - new ByteArrayInputStream(data) - ); - Victim victim = (Victim)in.readObject(); - System.out.println(victim+" "+victim.aaaa); - } -} diff --git a/test/java/io/Serializable/6966692/README b/test/java/io/Serializable/6966692/README deleted file mode 100644 index f4448688391a8ce0539e23f0360dbf32bdf2c204..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6966692/README +++ /dev/null @@ -1,23 +0,0 @@ -Testcase shows default deserialisation of the Victim having two values for the same field. - -Probably requires dual core to run successfully. - -Reading thread is warmed up so that it can easily win the race for the demonstration, but this means we need to make the field volatile. - -Typical output: - -Victim@1551f60 BBBB -Victim@1551f60 AAAA - -The output when its fixed is, -Victim@1975b59 AAAA -Victim@1975b59 AAAA - The value is retained - -and when it is not fixed, it shows something like -Victim@173a10f AAAA -Victim@173a10f BBBB - the value of the object gets set again and hence is different. This is a bug - -Look at the -AAAA AAAA -and -AAAA BBBB diff --git a/test/java/io/Serializable/6966692/Test6966692.sh b/test/java/io/Serializable/6966692/Test6966692.sh deleted file mode 100644 index 326f24684ed67f6b346c8ceb43d7bdacd751dbc4..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6966692/Test6966692.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh - -if [ "${TESTSRC}" = "" ] -then TESTSRC=. -fi - -if [ "${TESTJAVA}" = "" ] -then - PARENT=`dirname \`which java\`` - TESTJAVA=`dirname ${PARENT}` - echo "TESTJAVA not set, selecting " ${TESTJAVA} - echo "If this is incorrect, try setting the variable manually." -fi - -if [ "${TESTCLASSES}" = "" ] -then - echo "TESTCLASSES not set. Test cannot execute. Failed." - exit 1 -fi - -BIT_FLAG="" - -# set platform-dependent variables -OS=`uname -s` -case "$OS" in - SunOS | Linux ) - NULL=/dev/null - PS=":" - FS="/" - ## for solaris, linux it's HOME - FILE_LOCATION=$HOME - if [ -f ${FILE_LOCATION}${FS}JDK64BIT -a ${OS} = "SunOS" ] - then - BIT_FLAG=`cat ${FILE_LOCATION}${FS}JDK64BIT | grep -v '^#'` - fi - ;; - Windows_* ) - NULL=NUL - PS=";" - FS="\\" - ;; - * ) - echo "Unrecognized system!" - exit 1; - ;; -esac - -JEMMYPATH=${CPAPPEND} -CLASSPATH=.${PS}${TESTCLASSES}${PS}${JEMMYPATH} ; export CLASSPATH - -THIS_DIR=`pwd` - -${TESTJAVA}${FS}bin${FS}java ${BIT_FLAG} -version - -cp ${TESTSRC}${FS}*.java . -chmod 777 *.java - -${TESTJAVA}${FS}bin${FS}javac *.java - -${TESTJAVA}${FS}bin${FS}java ${BIT_FLAG} Attack > test.out 2>&1 - -cat test.out - -STATUS=0 - -egrep "^Victim.*BBBB.*AAAA|^Victim.*AAAA.*BBBB" test.out - -if [ $? = 0 ] -then - STATUS=1 -else - egrep "^Victim.*BBBB.*BBBB|^Victim.*AAAA.*AAAA" test.out - - if [ $? != 0 ]; then - STATUS=1 - fi -fi - -exit $STATUS diff --git a/test/java/io/Serializable/6966692/Victim.java b/test/java/io/Serializable/6966692/Victim.java deleted file mode 100644 index f26276e3a660f942e7bbc66a1ff4cd77b0860815..0000000000000000000000000000000000000000 --- a/test/java/io/Serializable/6966692/Victim.java +++ /dev/null @@ -1,35 +0,0 @@ -import java.io.*; - -public class Victim implements Serializable { - public volatile Object aaaa = "AAAA"; // must be volatile... - private final Object aabb = new Show(this); - public Object bbbb = "BBBB"; -} -class Show implements Serializable { - private final Victim victim; - public Show(Victim victim) { - this.victim = victim; - } - private void readObject(java.io.ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - Thread thread = new Thread(new Runnable() { public void run() { - for (;;) { - Object a = victim.aaaa; - if (a != null) { - System.err.println(victim+" "+a); - break; - } - } - }}); - thread.start(); - - // Make sure we are running compiled whilst serialisation is done interpreted. - try { - Thread.sleep(1000); - } catch (java.lang.InterruptedException exc) { - Thread.currentThread().interrupt(); - } - } -}