8030002: Enhance deserialization using readObject

Reviewed-by: sherman, chegar, scolebourne

8030002: Enhance deserialization using readObject
Reviewed-by: sherman, chegar, scolebourne
670d889f · rriggs · b0783d29 · 670d889f · 670d889f · 670d889f
55 changed file
--- a/src/share/classes/java/time/Duration.java
+++ b/src/share/classes/java/time/Duration.java
@@ -74,7 +74,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
-import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.math.BigDecimal;
 import java.math.BigInteger;
@@ -1325,10 +1325,10 @@ public final class Duration
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/Instant.java
+++ b/src/share/classes/java/time/Instant.java
@@ -76,6 +76,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
@@ -1346,10 +1347,10 @@ public final class Instant
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/LocalDate.java
+++ b/src/share/classes/java/time/LocalDate.java
@@ -78,6 +78,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.ChronoLocalDate;
 import java.time.chrono.Era;
@@ -2051,10 +2052,10 @@ public final class LocalDate
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/LocalDateTime.java
+++ b/src/share/classes/java/time/LocalDateTime.java
@@ -76,6 +76,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.ChronoLocalDateTime;
 import java.time.format.DateTimeFormatter;
@@ -1984,10 +1985,10 @@ public final class LocalDateTime
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/LocalTime.java
+++ b/src/share/classes/java/time/LocalTime.java
@@ -74,6 +74,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
@@ -1636,10 +1637,10 @@ public final class LocalTime
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/MonthDay.java
+++ b/src/share/classes/java/time/MonthDay.java
@@ -68,6 +68,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.Chronology;
 import java.time.chrono.IsoChronology;
@@ -769,10 +770,10 @@ public final class MonthDay
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/OffsetDateTime.java
+++ b/src/share/classes/java/time/OffsetDateTime.java
@@ -72,6 +72,7 @@ import java.io.IOException;
 import java.io.ObjectInput;
 import java.io.ObjectOutput;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.IsoChronology;
 import java.time.format.DateTimeFormatter;
@@ -1923,10 +1924,10 @@ public final class OffsetDateTime
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/OffsetTime.java
+++ b/src/share/classes/java/time/OffsetTime.java
@@ -73,6 +73,7 @@ import java.io.IOException;
 import java.io.ObjectInput;
 import java.io.ObjectOutput;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
@@ -1394,10 +1395,10 @@ public final class OffsetTime
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/Period.java
+++ b/src/share/classes/java/time/Period.java
@@ -69,6 +69,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.ChronoLocalDate;
 import java.time.chrono.ChronoPeriod;
@@ -1056,10 +1057,10 @@ public final class Period
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws java.io.InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/Year.java
+++ b/src/share/classes/java/time/Year.java
@@ -74,6 +74,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.Chronology;
 import java.time.chrono.IsoChronology;
@@ -1102,10 +1103,10 @@ public final class Year
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/YearMonth.java
+++ b/src/share/classes/java/time/YearMonth.java
@@ -77,6 +77,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.Chronology;
 import java.time.chrono.IsoChronology;
@@ -1228,10 +1229,10 @@ public final class YearMonth
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/ZoneId.java
+++ b/src/share/classes/java/time/ZoneId.java
@@ -64,6 +64,7 @@ package java.time;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.format.DateTimeFormatterBuilder;
 import java.time.format.TextStyle;
@@ -622,10 +623,10 @@ public abstract class ZoneId implements Serializable {
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/ZoneOffset.java
+++ b/src/share/classes/java/time/ZoneOffset.java
@@ -70,6 +70,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.temporal.ChronoField;
 import java.time.temporal.Temporal;
@@ -767,10 +768,10 @@ public final class ZoneOffset
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/ZoneRegion.java
+++ b/src/share/classes/java/time/ZoneRegion.java
@@ -60,7 +60,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
-import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.zone.ZoneRules;
 import java.time.zone.ZoneRulesException;
@@ -195,10 +195,10 @@ final class ZoneRegion extends ZoneId implements Serializable {
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/ZonedDateTime.java
+++ b/src/share/classes/java/time/ZonedDateTime.java
@@ -67,9 +67,9 @@ import static java.time.temporal.ChronoField.OFFSET_SECONDS;
 import java.io.DataOutput;
 import java.io.IOException;
-import java.io.InvalidObjectException;
 import java.io.ObjectInput;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.chrono.ChronoZonedDateTime;
 import java.time.format.DateTimeFormatter;
@@ -2224,10 +2224,10 @@ public final class ZonedDateTime
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/AbstractChronology.java
+++ b/src/share/classes/java/time/chrono/AbstractChronology.java
@@ -83,6 +83,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.time.DateTimeException;
@@ -764,10 +765,10 @@ public abstract class AbstractChronology implements Chronology {
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws java.io.InvalidObjectException always
     */
-    private Object readResolve() throws ObjectStreamException {
+    private void readObject(ObjectInputStream s) throws ObjectStreamException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/ChronoLocalDateTimeImpl.java
+++ b/src/share/classes/java/time/chrono/ChronoLocalDateTimeImpl.java
@@ -66,8 +66,8 @@ import static java.time.temporal.ChronoField.EPOCH_DAY;
 import java.io.IOException;
 import java.io.InvalidObjectException;
 import java.io.ObjectInput;
+import java.io.ObjectInputStream;
 import java.io.ObjectOutput;
-import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.time.LocalTime;
 import java.time.ZoneId;
@@ -415,10 +415,10 @@ final class ChronoLocalDateTimeImpl<D extends ChronoLocalDate>
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/ChronoPeriodImpl.java
+++ b/src/share/classes/java/time/chrono/ChronoPeriodImpl.java
@@ -65,6 +65,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.time.DateTimeException;
@@ -374,10 +375,10 @@ final class ChronoPeriodImpl
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws ObjectStreamException {
+    private void readObject(ObjectInputStream s) throws ObjectStreamException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/ChronoZonedDateTimeImpl.java
+++ b/src/share/classes/java/time/chrono/ChronoZonedDateTimeImpl.java
@@ -66,8 +66,8 @@ import static java.time.temporal.ChronoUnit.SECONDS;
 import java.io.IOException;
 import java.io.InvalidObjectException;
 import java.io.ObjectInput;
+import java.io.ObjectInputStream;
 import java.io.ObjectOutput;
-import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.time.Instant;
 import java.time.LocalDateTime;
@@ -339,10 +339,10 @@ final class ChronoZonedDateTimeImpl<D extends ChronoLocalDate>
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/HijrahChronology.java
+++ b/src/share/classes/java/time/chrono/HijrahChronology.java
@@ -64,7 +64,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InvalidObjectException;
-import java.io.ObjectStreamException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.security.AccessController;
 import java.security.PrivilegedActionException;
@@ -1095,10 +1095,10 @@ public final class HijrahChronology extends AbstractChronology implements Serial
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }
 }
--- a/src/share/classes/java/time/chrono/HijrahDate.java
+++ b/src/share/classes/java/time/chrono/HijrahDate.java
@@ -67,6 +67,7 @@ import static java.time.temporal.ChronoField.YEAR;
 import java.io.IOException;
 import java.io.InvalidObjectException;
 import java.io.ObjectInput;
+import java.io.ObjectInputStream;
 import java.io.ObjectOutput;
 import java.io.Serializable;
 import java.time.Clock;
@@ -610,10 +611,10 @@ public final class HijrahDate
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/IsoChronology.java
+++ b/src/share/classes/java/time/chrono/IsoChronology.java
@@ -62,7 +62,6 @@
 package java.time.chrono;
 import java.io.InvalidObjectException;
-import java.io.ObjectStreamException;
 import static java.time.temporal.ChronoField.DAY_OF_MONTH;
 import static java.time.temporal.ChronoField.ERA;
 import static java.time.temporal.ChronoField.MONTH_OF_YEAR;
@@ -70,6 +69,7 @@ import static java.time.temporal.ChronoField.PROLEPTIC_MONTH;
 import static java.time.temporal.ChronoField.YEAR;
 import static java.time.temporal.ChronoField.YEAR_OF_ERA;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -603,10 +603,10 @@ public final class IsoChronology extends AbstractChronology implements Serializa
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }
 }
--- a/src/share/classes/java/time/chrono/JapaneseChronology.java
+++ b/src/share/classes/java/time/chrono/JapaneseChronology.java
@@ -66,6 +66,7 @@ import static java.time.temporal.ChronoUnit.DAYS;
 import static java.time.temporal.ChronoUnit.MONTHS;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -523,10 +524,10 @@ public final class JapaneseChronology extends AbstractChronology implements Seri
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }
 }
--- a/src/share/classes/java/time/chrono/JapaneseDate.java
+++ b/src/share/classes/java/time/chrono/JapaneseDate.java
@@ -68,6 +68,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -697,10 +698,10 @@ public final class JapaneseDate
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/JapaneseEra.java
+++ b/src/share/classes/java/time/chrono/JapaneseEra.java
@@ -68,6 +68,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.ObjectStreamException;
 import java.io.Serializable;
 import java.time.DateTimeException;
@@ -171,24 +172,6 @@ public final class JapaneseEra
        this.since = since;
    }
-    /**
-     * Returns the singleton {@code JapaneseEra} corresponding to this object.
-     * It's possible that this version of {@code JapaneseEra} doesn't support the latest era value.
-     * In that case, this method throws an {@code ObjectStreamException}.
-     *
-     * @return the singleton {@code JapaneseEra} for this object
-     * @throws ObjectStreamException if the deserialized object has any unknown numeric era value.
-     */
-    private Object readResolve() throws ObjectStreamException {
-        try {
-            return of(eraValue);
-        } catch (DateTimeException e) {
-            InvalidObjectException ex = new InvalidObjectException("Invalid era");
-            ex.initCause(e);
-            throw ex;
-        }
-    }
    //-----------------------------------------------------------------------
    /**
     * Returns the Sun private Era instance corresponding to this {@code JapaneseEra}.
@@ -212,7 +195,7 @@ public final class JapaneseEra
     * @throws DateTimeException if the value is invalid
     */
    public static JapaneseEra of(int japaneseEra) {
-        if (japaneseEra < MEIJI.eraValue || japaneseEra > HEISEI.eraValue) {
+        if (japaneseEra < MEIJI.eraValue || japaneseEra + ERA_OFFSET - 1 >= KNOWN_ERAS.length) {
            throw new DateTimeException("Invalid era: " + japaneseEra);
        }
        return KNOWN_ERAS[ordinal(japaneseEra)];
@@ -370,6 +353,16 @@ public final class JapaneseEra
        return getName();
    }
+    //-----------------------------------------------------------------------
+    /**
+     * Defend against malicious streams.
+     *
+     * @throws InvalidObjectException always
+     */
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
+        throw new InvalidObjectException("Deserialization via serialization delegate");
+    }
    //-----------------------------------------------------------------------
    /**
     * Writes the object using a

--- a/src/share/classes/java/time/chrono/MinguoChronology.java
+++ b/src/share/classes/java/time/chrono/MinguoChronology.java
@@ -57,10 +57,10 @@
 package java.time.chrono;
 import java.io.InvalidObjectException;
-import java.io.ObjectStreamException;
 import static java.time.temporal.ChronoField.PROLEPTIC_MONTH;
 import static java.time.temporal.ChronoField.YEAR;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -354,10 +354,10 @@ public final class MinguoChronology extends AbstractChronology implements Serial
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }
 }
--- a/src/share/classes/java/time/chrono/MinguoDate.java
+++ b/src/share/classes/java/time/chrono/MinguoDate.java
@@ -65,6 +65,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -459,10 +460,10 @@ public final class MinguoDate
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/chrono/ThaiBuddhistChronology.java
+++ b/src/share/classes/java/time/chrono/ThaiBuddhistChronology.java
@@ -57,10 +57,10 @@
 package java.time.chrono;
 import java.io.InvalidObjectException;
-import java.io.ObjectStreamException;
 import static java.time.temporal.ChronoField.PROLEPTIC_MONTH;
 import static java.time.temporal.ChronoField.YEAR;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -390,10 +390,10 @@ public final class ThaiBuddhistChronology extends AbstractChronology implements
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }
 }
--- a/src/share/classes/java/time/chrono/ThaiBuddhistDate.java
+++ b/src/share/classes/java/time/chrono/ThaiBuddhistDate.java
@@ -65,6 +65,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Clock;
 import java.time.DateTimeException;
@@ -459,10 +460,10 @@ public final class ThaiBuddhistDate
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/temporal/ValueRange.java
+++ b/src/share/classes/java/time/temporal/ValueRange.java
@@ -61,7 +61,9 @@
 */
 package java.time.temporal;
+import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.DateTimeException;
@@ -338,18 +340,27 @@ public final class ValueRange implements Serializable {
        }
    }
+    //-----------------------------------------------------------------------
    /**
-     * Return the ValueRange for the serialized values.
+     * Restore the state of an ValueRange from the stream.
-     * The values are validated according to the constraints of the {@link #of}
+     * Check that the values are valid.
-     * factory method.
+     * @throws InvalidObjectException if
-     * @return the ValueRange for the serialized fields
+     *     the smallest minimum is greater than the smallest maximum,
-     * @throws InvalidObjectException if the serialized object has invalid values
+     *  or the smallest maximum is greater than the largest maximum
+     *  or the largest minimum is greater than the largest maximum
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s)
-        try {
+         throws IOException, ClassNotFoundException, InvalidObjectException
-            return of(minSmallest, minLargest, maxSmallest, maxLargest);
+    {
-        } catch (IllegalArgumentException iae) {
+        s.defaultReadObject();
-            throw new InvalidObjectException("Invalid serialized ValueRange: " + iae.getMessage());
+        if (minSmallest > minLargest) {
+            throw new InvalidObjectException("Smallest minimum value must be less than largest minimum value");
+        }
+        if (maxSmallest > maxLargest) {
+            throw new InvalidObjectException("Smallest maximum value must be less than largest maximum value");
+        }
+        if (minLargest > maxLargest) {
+            throw new InvalidObjectException("Minimum value must be less than maximum value");
        }
    }

--- a/src/share/classes/java/time/temporal/WeekFields.java
+++ b/src/share/classes/java/time/temporal/WeekFields.java
@@ -72,7 +72,9 @@ import static java.time.temporal.ChronoUnit.MONTHS;
 import static java.time.temporal.ChronoUnit.WEEKS;
 import static java.time.temporal.ChronoUnit.YEARS;
+import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.DateTimeException;
 import java.time.DayOfWeek;
@@ -339,6 +341,25 @@ public final class WeekFields implements Serializable {
    }
    //-----------------------------------------------------------------------
+    /**
+     * Restore the state of a WeekFields from the stream.
+     * Check that the values are valid.
+     * @throws InvalidObjectException if the serialized object has an invalid
+     *     value for firstDayOfWeek or minimalDays.
+     */
+    private void readObject(ObjectInputStream s)
+         throws IOException, ClassNotFoundException, InvalidObjectException
+    {
+        s.defaultReadObject();
+        if (firstDayOfWeek == null) {
+            throw new InvalidObjectException("firstDayOfWeek is null");
+        }
+        if (minimalDays < 1 || minimalDays > 7) {
+            throw new InvalidObjectException("Minimal number of days is invalid");
+        }
+    }
    /**
     * Return the singleton WeekFields associated with the
     * {@code firstDayOfWeek} and {@code minimalDays}.

--- a/src/share/classes/java/time/zone/ZoneOffsetTransition.java
+++ b/src/share/classes/java/time/zone/ZoneOffsetTransition.java
@@ -65,6 +65,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
@@ -172,10 +173,9 @@ public final class ZoneOffsetTransition
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/zone/ZoneOffsetTransitionRule.java
+++ b/src/share/classes/java/time/zone/ZoneOffsetTransitionRule.java
@@ -68,6 +68,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.DayOfWeek;
 import java.time.LocalDate;
@@ -233,10 +234,10 @@ public final class ZoneOffsetTransitionRule implements Serializable {
    //-----------------------------------------------------------------------
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/src/share/classes/java/time/zone/ZoneRules.java
+++ b/src/share/classes/java/time/zone/ZoneRules.java
@@ -65,6 +65,7 @@ import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
 import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
@@ -317,10 +318,10 @@ public final class ZoneRules implements Serializable {
    /**
     * Defend against malicious streams.
-     * @return never
+     *
     * @throws InvalidObjectException always
     */
-    private Object readResolve() throws InvalidObjectException {
+    private void readObject(ObjectInputStream s) throws InvalidObjectException {
        throw new InvalidObjectException("Deserialization via serialization delegate");
    }

--- a/test/java/time/tck/java/time/AbstractTCKTest.java
+++ b/test/java/time/tck/java/time/AbstractTCKTest.java
@@ -58,17 +58,18 @@ package tck.java.time;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertSame;
+import static org.testng.Assert.fail;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.DataInputStream;
+import java.io.DataOutputStream;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.ObjectStreamConstants;
 import java.io.Serializable;
 import java.lang.reflect.Field;
-import java.util.Arrays;
 import java.util.Formatter;
 /**
@@ -164,6 +165,42 @@ public abstract class AbstractTCKTest {
        }
    }
+    /**
+     * Verify the class cannot be deserialized from a handcoded stream.
+     * Fail if the deserialization does <em>not</em> throw an Exception.
+     * @param serClass the class to embed in the handcoded stream
+     * @throws Exception if an unexpected condition occurs
+     */
+    protected static void assertNotSerializable(Class<?> serClass) throws Exception {
+        Field field = serClass.getDeclaredField("serialVersionUID");
+        field.setAccessible(true);
+        long serVer = (Long) field.get(null);
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        try (DataOutputStream out = new DataOutputStream(baos)) {
+            out.writeShort(ObjectStreamConstants.STREAM_MAGIC);
+            out.writeShort(ObjectStreamConstants.STREAM_VERSION);
+            out.writeByte(ObjectStreamConstants.TC_OBJECT);
+            out.writeByte(ObjectStreamConstants.TC_CLASSDESC);
+            out.writeUTF(serClass.getName());
+            out.writeLong(serVer);
+            out.writeByte(ObjectStreamConstants.SC_SERIALIZABLE);   // Flags ObjectStreamConstants
+            out.writeShort(0);  // number of fields
+            out.writeByte(ObjectStreamConstants.TC_ENDBLOCKDATA);
+            out.writeByte(ObjectStreamConstants.TC_NULL);  // no superclasses
+        }
+        byte[] bytes = baos.toByteArray();
+        try (ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
+            ObjectInputStream in = new ObjectInputStream(bis)) {
+            Object o = in.readObject();
+        } catch (Exception ioe) {
+            // Expected exception
+            return;
+        }
+        fail("Class should not be deserializable " + serClass.getName());
+    }
    /**
     * Utility method to dump a byte array in a java syntax.

--- a/test/java/time/tck/java/time/chrono/serial/TCKChronoLocalDateSerialization.java
+++ b/test/java/time/tck/java/time/chrono/serial/TCKChronoLocalDateSerialization.java
@@ -161,4 +161,25 @@ public class TCKChronoLocalDateSerialization extends AbstractTCKTest {
        assertSerializedBySer(date, hijrahDateBytes, hijrahChronoBytes, dateBytes);
    }
+    //-----------------------------------------------------------------------
+    // Regular data factory for names and descriptions of available calendars
+    //-----------------------------------------------------------------------
+    @DataProvider(name = "invalidSerialformClasses")
+    Object[][] invalid_serial_classes() {
+        return new Object[][]{
+            {JapaneseEra.class},
+            {JapaneseDate.class},
+            {MinguoDate.class},
+            {ThaiBuddhistDate.class},
+            {HijrahDate.class},
+        };
+    }
+    @Test(dataProvider="invalidSerialformClasses")
+    public void test_invalid_serialform(Class<?> clazz) throws Exception {
+        assertNotSerializable(clazz);
+    }
 }
--- a/test/java/time/tck/java/time/chrono/serial/TCKChronologySerialization.java
+++ b/test/java/time/tck/java/time/chrono/serial/TCKChronologySerialization.java
@@ -111,4 +111,24 @@ public class TCKChronologySerialization extends AbstractTCKTest {
        assertSerializedBySer(chrono, bytes);
    }
+    //-----------------------------------------------------------------------
+    // Regular data factory for names and descriptions of available calendars
+    //-----------------------------------------------------------------------
+    @DataProvider(name = "invalidSerialformClasses")
+    Object[][] invalid_serial_classes() {
+        return new Object[][]{
+            {IsoChronology.class},
+            {JapaneseChronology.class},
+            {MinguoChronology.class},
+            {ThaiBuddhistChronology.class},
+            {HijrahChronology.class},
+        };
+    }
+    @Test(dataProvider="invalidSerialformClasses")
+    public void test_invalid_serialform(Class<?> clazz) throws Exception {
+        assertNotSerializable(clazz);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKDurationSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKDurationSerialization.java
@@ -110,4 +110,9 @@ public class TCKDurationSerialization extends AbstractTCKTest {
        assertSerializableSame(Duration.ZERO);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(Duration.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKInstantSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKInstantSerialization.java
@@ -91,5 +91,10 @@ public class TCKInstantSerialization extends AbstractTCKTest {
        assertSerializedBySer(Instant.ofEpochSecond(654321, 123456789), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(Instant.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKLocalDateSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKLocalDateSerialization.java
@@ -102,4 +102,9 @@ public class TCKLocalDateSerialization extends AbstractTCKTest {
        assertSerializedBySer(LocalDate.of(2012, 9, 16), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(LocalDate.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKLocalDateTimeSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKLocalDateTimeSerialization.java
@@ -99,4 +99,9 @@ public class TCKLocalDateTimeSerialization extends AbstractTCKTest {
        assertSerializedBySer(LocalDateTime.of(2012, 9, 16, 22, 17, 59, 459_000_000), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(LocalDateTime.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKLocalTimeSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKLocalTimeSerialization.java
@@ -141,5 +141,9 @@ public class TCKLocalTimeSerialization extends AbstractTCKTest {
        assertSerializedBySer(LocalTime.of(22, 17, 59, 459_000_000), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(LocalTime.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKMonthDaySerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKMonthDaySerialization.java
@@ -99,4 +99,9 @@ public class TCKMonthDaySerialization extends AbstractTCKTest {
        assertSerializedBySer(MonthDay.of(9, 16), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(MonthDay.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKOffsetDateTimeSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKOffsetDateTimeSerialization.java
@@ -111,4 +111,9 @@ public class TCKOffsetDateTimeSerialization extends AbstractTCKTest {
        assertSerializedBySer(OffsetDateTime.of(ldt, ZoneOffset.ofHours(1)), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(OffsetDateTime.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKOffsetTimeSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKOffsetTimeSerialization.java
@@ -107,5 +107,9 @@ public class TCKOffsetTimeSerialization extends AbstractTCKTest {
        assertSerializedBySer(OffsetTime.of(22, 17, 59, 464_000_000, ZoneOffset.ofHours(1)), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(OffsetTime.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKPeriodSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKPeriodSerialization.java
@@ -78,4 +78,9 @@ public class TCKPeriodSerialization extends AbstractTCKTest {
        assertSerializable(Period.of(1, 2, 3));
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(Period.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKYearMonthSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKYearMonthSerialization.java
@@ -100,4 +100,9 @@ public class TCKYearMonthSerialization extends AbstractTCKTest {
        assertSerializedBySer(YearMonth.of(2012, 9), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(YearMonth.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKYearSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKYearSerialization.java
@@ -91,4 +91,9 @@ public class TCKYearSerialization extends AbstractTCKTest {
        assertSerializedBySer(Year.of(2012), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(Year.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKZoneOffsetSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKZoneOffsetSerialization.java
@@ -114,5 +114,9 @@ public class TCKZoneOffsetSerialization extends AbstractTCKTest {
        assertSerializedBySer(ZoneOffset.ofTotalSeconds(53265), bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(ZoneOffset.class);
+    }
 }
--- a/test/java/time/tck/java/time/serial/TCKZonedDateTimeSerialization.java
+++ b/test/java/time/tck/java/time/serial/TCKZonedDateTimeSerialization.java
@@ -139,4 +139,9 @@ public class TCKZonedDateTimeSerialization extends AbstractTCKTest {
        assertSerializedBySer(zdt, bytes);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(ZonedDateTime.class);
+    }
 }
--- a/test/java/time/tck/java/time/temporal/serial/TCKValueRangeSerialization.java
+++ b/test/java/time/tck/java/time/temporal/serial/TCKValueRangeSerialization.java
@@ -60,11 +60,16 @@
 package tck.java.time.temporal.serial;
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.fail;
+import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.time.temporal.ValueRange;
+import java.util.Arrays;
 import org.testng.annotations.Test;
@@ -117,4 +122,57 @@ public class TCKValueRangeSerialization extends AbstractTCKTest {
        }
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        byte[] template = {
+            (byte)172, (byte)237,   0,   5, 115, 114,   0,  29, 106,  97, /* \u00ac \u00ed \u0000 \u0005 s r \u0000 \u001d j a */
+            118,  97,  46, 116, 105, 109, 101,  46, 116, 101, /* v a . t i m e . t e */
+            109, 112, 111, 114,  97, 108,  46,  86,  97, 108, /* m p o r a l . V a l */
+            117, 101,  82,  97, 110, 103, 101, (byte)154, 113, (byte)169, /* u e R a n g e \u009a q \u00a9 */
+             86, (byte)242, (byte)205,  90, (byte)184,   2,   0,   4,  74,   0, /* V \u00f2 \u00cd Z \u00b8 \u0002 \u0000 \u0004 J \u0000 */
+             10, 109,  97, 120,  76,  97, 114, 103, 101, 115, /*  m a x L a r g e s */
+            116,  74,   0,  11, 109,  97, 120,  83, 109,  97, /* t J \u0000 \u000b m a x S m a */
+            108, 108, 101, 115, 116,  74,   0,  10, 109, 105,/* l l e s t J \u0000 m i */
+            110,  76,  97, 114, 103, 101, 115, 116,  74,   0, /* n L a r g e s t J \u0000 */
+             11, 109, 105, 110,  83, 109,  97, 108, 108, 101, /* \u000b m i n S m a l l e */
+            115, 116, 120, 112,   0,   0,   0,   0,   0,   0, /* s t x p \u0000 \u0000 \u0000 \u0000 \u0000 \u0000 */
+              0,  40,   0,   0,   0,   0,   0,   0,   0,  30, /* \u0000 ( \u0000 \u0000 \u0000 \u0000 \u0000 \u0000 \u0000 \u001e */
+              0,   0,   0,   0,   0,   0,   0,  20,   0,   0, /* \u0000 \u0000 \u0000 \u0000 \u0000 \u0000 \u0000 \u0014 \u0000 \u0000 */
+              0,   0,   0,   0,   0,  10,                     /* \u0000 \u0000 \u0000 \u0000 \u0000 */
+        };
+        // minSmallest > minLargest, insert invalid values and deserialize
+        byte[] bad1 = {0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 3, 0, 0, 0, 4};
+        byte[] val = Arrays.copyOf(template, template.length);
+        System.arraycopy(bad1, 0, val, 114, bad1.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid minSmallest > minLargest " + ValueRange.class.getName());
+        } catch (InvalidObjectException ioe) {
+            // Expected exception
+        }
+        // maxSmallest > maxLargest, insert invalid values and deserialize
+        byte[] bad2 = {0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 4, 0, 0, 0, 3};
+        val = Arrays.copyOf(template, template.length);
+        System.arraycopy(bad1, 0, val, 114, bad2.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid maxSmallest > maxLargest " + ValueRange.class.getName());
+        } catch (InvalidObjectException ioe) {
+            // Expected exception
+        }
+        // minLagest > maxLargest, insert invalid values and deserialize
+        byte[] bad3 = {0, 0, 0, 1, 0, 0, 0, 5, 0, 0, 0, 3, 0, 0, 0, 4};
+        val = Arrays.copyOf(template, template.length);
+        System.arraycopy(bad1, 0, val, 114, bad3.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid minLagest > maxLargest " + ValueRange.class.getName());
+        } catch (InvalidObjectException ioe) {
+            // Expected exception
+        }
+    }
 }
--- a/test/java/time/tck/java/time/temporal/serial/TCKWeekFieldsSerialization.java
+++ b/test/java/time/tck/java/time/temporal/serial/TCKWeekFieldsSerialization.java
@@ -56,13 +56,21 @@
 */
 package tck.java.time.temporal.serial;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.fail;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 import tck.java.time.AbstractTCKTest;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.time.DayOfWeek;
 import java.time.temporal.WeekFields;
+import java.util.Arrays;
 /**
 * Test serialization of WeekFields.
@@ -90,5 +98,58 @@ public class TCKWeekFieldsSerialization extends AbstractTCKTest {
        return objects;
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        WeekFields wf = WeekFields.of(DayOfWeek.MONDAY, 7);
+        ByteArrayOutputStream baos = new ByteArrayOutputStream(64);
+        ObjectOutputStream out = new ObjectOutputStream(baos);
+        out.writeObject(wf);
+        byte[] template = baos.toByteArray();
+        // (minimalDays = 5) {
+        byte[] good1 = {0, 0, 0, 5};
+        byte[] val = Arrays.copyOf(template, template.length);
+        System.arraycopy(good1, 0, val, 105, good1.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            Object o = in.readObject();
+            assertEquals(o, WeekFields.of(DayOfWeek.MONDAY, 5), "Should be MONDAY, min = 5");
+        } catch (Exception ioe) {
+            fail("Unexpected exception " + ioe);
+        }
+        // (minimalDays < 1) {
+        byte[] bad1 = {0, 0, 0, 0};
+        val = Arrays.copyOf(template, template.length);
+        System.arraycopy(bad1, 0, val, 105, bad1.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid minimalDays < 1 " + WeekFields.class.getName());
+        } catch (Exception ioe) {
+            // Expected exception
+        }
+        // (minimalDays > 7) {
+        byte[] bad2 = {0, 0, 0, 8};
+        val = Arrays.copyOf(template, template.length);
+        System.arraycopy(bad2, 0, val, 105, bad2.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid minimalDays > 7 " + WeekFields.class.getName());
+        } catch (Exception ioe) {
+            // Expected exception
+        }
+        // (StartDay = null) {
+        byte[] bad3 = {0x70};
+        val = Arrays.copyOf(template, 110);
+        System.arraycopy(bad3, 0, val, 105 + 4, bad3.length);
+        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(val))) {
+            in.readObject();
+            fail("Invalid startDay == null " + WeekFields.class.getName());
+        } catch (Exception ioe) {
+            // Expected exception
+        }
+    }
 }
--- a/test/java/time/tck/java/time/zone/serial/TCKZoneOffsetTransitionRuleSerialization.java
+++ b/test/java/time/tck/java/time/zone/serial/TCKZoneOffsetTransitionRuleSerialization.java
@@ -133,4 +133,9 @@ public class TCKZoneOffsetTransitionRuleSerialization extends AbstractTCKTest {
        assertSerializable(test);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(ZoneOffsetTransitionRule.class);
+    }
 }
--- a/test/java/time/tck/java/time/zone/serial/TCKZoneOffsetTransitionSerialization.java
+++ b/test/java/time/tck/java/time/zone/serial/TCKZoneOffsetTransitionSerialization.java
@@ -110,4 +110,9 @@ public class TCKZoneOffsetTransitionSerialization extends AbstractTCKTest {
        assertSerializable(test);
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(ZoneOffsetTransition.class);
+    }
 }
--- a/test/java/time/tck/java/time/zone/serial/TCKZoneRulesSerialization.java
+++ b/test/java/time/tck/java/time/zone/serial/TCKZoneRulesSerialization.java
@@ -70,11 +70,13 @@ import java.time.zone.ZoneRules;
 import static org.testng.Assert.assertEquals;
+import tck.java.time.AbstractTCKTest;
 /**
 * Test serialization of ZoneRules.
 */
 @Test
-public class TCKZoneRulesSerialization {
+public class TCKZoneRulesSerialization extends AbstractTCKTest{
    public void test_serialization_loaded() throws Exception {
        assertSerialization(europeLondon());
@@ -118,5 +120,9 @@ public class TCKZoneRulesSerialization {
        return ZoneId.of("America/New_York").getRules();
    }
+    @Test
+    public void test_invalid_serialform() throws Exception {
+        assertNotSerializable(ZoneRules.class);
+    }
 }