From dba6a3ecab6ebf3da07e96aa9b301b7f2b55a86f Mon Sep 17 00:00:00 2001
From: dmocek
Date: Mon, 4 Mar 2013 14:34:15 -0800
Subject: [PATCH] 8000638: Improve deserialization

Reviewed-by: smarks, hawtin, mchung
---
 src/share/classes/java/io/ObjectStreamClass.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/share/classes/java/io/ObjectStreamClass.java b/src/share/classes/java/io/ObjectStreamClass.java
index 41b116d41..71f278e1b 100644
--- a/src/share/classes/java/io/ObjectStreamClass.java
+++ b/src/share/classes/java/io/ObjectStreamClass.java
@@ -1151,7 +1151,14 @@ public class ObjectStreamClass implements Serializable {
 end = end.getSuperclass();
 }
+ HashSet oscNames = new HashSet<>(3);
+ for (ObjectStreamClass d = this; d != null; d = d.superDesc) {
+ if (oscNames.contains(d.name)) {
+ throw new InvalidClassException("Circular reference.");
+ } else {
+ oscNames.add(d.name);
+ }
 // search up inheritance hierarchy for class with matching name
 String searchName = (d.cl != null) ? d.cl.getName() : d.name;
-- 
GitLab
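Review bot: The new guard at the top of the `for` loop throws `InvalidClassException("Circular reference.")` without naming the descriptor, so whoever triages a rejected stream cannot tell from the log which class tripped it; the two-argument constructor carries it, `throw new InvalidClassException(d.name, "Circular reference.");`. The check keys on `d.name` rather than on descriptor identity and has no comment saying why, so a line such as `// a repeated name in the superDesc chain means a malformed or looping chain; fail instead of walking it forever` would keep the intent from being lost in a later cleanup. `Set.add` already reports a duplicate, so the `contains`/`else` pair can collapse to `if (!oscNames.add(d.name)) {`. `HashSet oscNames` shows no type argument here, which may only be an artifact of how the page was extracted. The enclosing method starts and ends outside the hunk, and the commit touches one file, so no regression test feeding a looping descriptor chain is visible.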