提交
fb29e369
编写于
5月 31, 2018
作者:
igerasim
8203368: ObjectInputStream filterCheck method throws NullPointerException
Reviewed-by: bpb, smarks
上级
e4057ad1
变更
2
Showing
2 changed file
with
128 addition
and
3 deletion
+128
-3
src/share/classes/java/io/ObjectInputStream.java
src/share/classes/java/io/ObjectInputStream.java
+5
-3
test/java/io/Serializable/serialFilter/CheckArrayTest.java
test/java/io/Serializable/serialFilter/CheckArrayTest.java
+123
-0
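--- a/src/share/classes/java/io/ObjectInputStream.java
+++ b/src/share/classes/java/io/ObjectInputStream.java
@@ -1233,9 +1233,11 @@ public class ObjectInputStream
         if (serialFilter != null) {
             RuntimeException ex = null;
             ObjectInputFilter.Status status;
+            // Info about the stream is not available if overridden by subclass, return 0
+            long bytesRead = (bin == null) ? 0 : bin.getBytesRead();
             try {
                 status = serialFilter.checkInput(new FilterValues(clazz, arrayLength,
-                        totalObjectRefs, depth, bin.getBytesRead()));
+                        totalObjectRefs, depth, bytesRead));
             } catch (RuntimeException e) {
                 // Preventive interception of an exception to log
                 status = ObjectInputFilter.Status.REJECTED;
@@ -1247,7 +1249,7 @@ public class ObjectInputStream
                 if (Logging.infoLogger != null) {
                     Logging.infoLogger.info(
                             "ObjectInputFilter {0}: {1}, array length: {2}, nRefs: {3}, depth: {4}, bytes: {5}, ex: {6}",
-                            status, clazz, arrayLength, totalObjectRefs, depth, bin.getBytesRead(),
+                            status, clazz, arrayLength, totalObjectRefs, depth, bytesRead,
                             Objects.toString(ex, "n/a"));
                 }
                 InvalidClassException ice = new InvalidClassException("filter status: " + status);
@@ -1258,7 +1260,7 @@ public class ObjectInputStream
                 if (Logging.traceLogger != null) {
                     Logging.traceLogger.finer(
                             "ObjectInputFilter {0}: {1}, array length: {2}, nRefs: {3}, depth: {4}, bytes: {5}, ex: {6}",
-                            status, clazz, arrayLength, totalObjectRefs, depth, bin.getBytesRead(),
+                            status, clazz, arrayLength, totalObjectRefs, depth, bytesRead,
                             Objects.toString(ex, "n/a"));
                 }
             }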
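Review bot: The new `bytesRead` fallback in the first hunk hands the filter a byte count of 0 whenever `bin` is null, so a filter that limits stream size (for example a `maxbytes=` pattern) presumably never trips on this path. The log calls in the other two hunks will also print `bytes: 0` as if it had been measured. The added comment says only "return 0"; I would state the consequence, e.g. `// bin is null when a subclass reimplements the stream; the filter then sees 0 bytes read, so byte-count limits are not enforced on this path`. The enclosing method starts and ends outside the hunks shown, so whether any other use of `bin` remains unguarded cannot be checked from here.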
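--- /dev/null
+++ b/test/java/io/Serializable/serialFilter/CheckArrayTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.InvalidClassException;
+
+import java.util.Hashtable;
+
+import sun.misc.ObjectInputFilter;
+import sun.misc.SharedSecrets;
+
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import org.testng.Assert;
+
+/* @test
+ * @build CheckArrayTest SerialFilterTest
+ * @bug 8203368
+ * @modules java.base/jdk.internal.misc
+ * @run testng CheckArrayTest
+ *
+ * @summary Test the SharedSecret access to ObjectInputStream.checkArray works
+ * with overridden subclasses.
+ */
+
+/**
+ * Verify that the SharedSecret access to the OIS checkAccess method
+ * does not fail with NPE in the case where ObjectInputStream is subclassed.
+ * The checkAccess method is called from various aggregate types in java.util
+ * to check array sizes during deserialization via the ObjectInputFilter attached the stream.
+ * The filterCheck must be resilent to an InputStream not being available (only the subclass knows).
+ */
+public class CheckArrayTest {
+
+    @DataProvider(name = "Patterns")
+    Object[][] patterns() {
+        return new Object[][]{
+                new Object[]{"maxarray=10", 10, new String[10]},    // successful
+                new Object[]{"maxarray=10", 11, new String[11]},    // exception expected
+        };
+    }
+
+    /**
+     * Test SharedSecrets checkArray with unmodified ObjectInputStream.
+     */
+    @Test(dataProvider = "Patterns")
+    public void normalOIS(String pattern, int arraySize, Object[] array) throws IOException {
+        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
+        byte[] bytes = SerialFilterTest.writeObjects(array);
+        try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
+             ObjectInputStream ois = new ObjectInputStream(bais)) {
+            // Check the arraysize against the filter
+            try {
+                ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
+                SharedSecrets.getJavaOISAccess()
+                        .checkArray(ois, array.getClass(), arraySize);
+                Assert.assertTrue(array.length >= arraySize,
+                        "Should have thrown InvalidClassException due to array size");
+            } catch (InvalidClassException ice) {
+                Assert.assertFalse(array.length > arraySize,
+                        "Should NOT have thrown InvalidClassException due to array size");
+            }
+        }
+    }
+
+    /**
+     * Test SharedSecrets checkArray with an ObjectInputStream subclassed to
+     * handle all input stream functions.
+     */
+    @Test(dataProvider = "Patterns")
+    public void subclassedOIS(String pattern, int arraySize, Object[] array) throws IOException {
+        byte[] bytes = SerialFilterTest.writeObjects(array);
+        try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
+             ObjectInputStream ois = new MyInputStream(bais)) {
+            // Check the arraysize against the filter
+            ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
+            ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
+            SharedSecrets.getJavaOISAccess()
+                    .checkArray(ois, array.getClass(), arraySize);
+            Assert.assertTrue(array.length >= arraySize,
+                    "Should have thrown InvalidClassException due to array size");
+        } catch (InvalidClassException ice) {
+            Assert.assertFalse(array.length > arraySize,
+                    "Should NOT have thrown InvalidClassException due to array size");
+        }
+    }
+
+    /**
+     * Subclass OIS to disable all input stream functions of the OIS.
+     */
+    static class MyInputStream extends ObjectInputStream {
+        MyInputStream(InputStream is) throws IOException {
+            super();
+        }
+
+        public void close() {
+        }
+    }
+}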
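Review bot: The assertions in `normalOIS` and `subclassedOIS` cannot fail, because both rows of `patterns()` pass an `arraySize` equal to `array.length`, so `array.length >= arraySize` is always true and `array.length > arraySize` is always false. The test therefore passes whether or not the `maxarray=10` filter rejects the 11-element case; it only proves that no NullPointerException escapes `checkArray`. Compare against the filter limit instead, e.g. `Assert.assertTrue(arraySize <= 10, "Should have thrown InvalidClassException due to array size");` on the success path and `Assert.assertTrue(arraySize > 10, "Should NOT have thrown InvalidClassException due to array size");` in the catch. Alternatively, add an expected-outcome column to the data provider so the limit is not hard-coded in two places.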