Commit 905387a2, authored by smarks

7201070: Serialization to conform to protocol

Reviewed-by: dmocek, ahgross, skoivu
Parent 6759a406
......@@ -1752,6 +1752,12 @@ public class ObjectInputStream
ObjectStreamClass desc = readClassDesc(false);
desc.checkDeserialize();
Class<?> cl = desc.forClass();
if (cl == String.class || cl == Class.class
|| cl == ObjectStreamClass.class) {
throw new InvalidClassException("invalid class descriptor");
}
Object obj;
try {
obj = desc.isInstantiable() ? desc.newInstance() : null;
......
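Review bot: The new check on `cl` after `desc.forClass()` throws `InvalidClassException("invalid class descriptor")` without naming the offending class, so a rejected stream is hard to diagnose from logs. Since `cl` is known to be non-null in that branch, consider the two-argument constructor, e.g. `throw new InvalidClassException(cl.getName(), "invalid class descriptor");`. The `if` also has no comment explaining why exactly `String.class`, `Class.class` and `ObjectStreamClass.class` are refused at this point. A short comment stating that these types have their own dedicated encodings in the serialization stream protocol and must never arrive through an ordinary-object descriptor would keep a later maintainer from relaxing or reordering the check. A regression test that feeds a crafted stream with such a descriptor and expects `InvalidClassException` would be worth adding alongside this change.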