diff options
| author | Neil Fuller <nfuller@google.com> | 2014-06-25 17:54:12 +0100 |
|---|---|---|
| committer | Paul Kocialkowski <contact@paulk.fr> | 2015-08-30 23:04:25 +0200 |
| commit | 74ebabb6156cd62e8fb877f08caf3c88f357fdcd (patch) | |
| tree | 019bc345af31fd3e83d6b8978b3849d964c0f8c4 /luni/src/main/java/java/io/ObjectStreamConstants.java | |
| parent | b32087cc78dfd13aac9e6476266cf211b179af2f (diff) | |
| download | libcore-replicant-4.2.zip libcore-replicant-4.2.tar.gz libcore-replicant-4.2.tar.bz2 | |
Add additional checks in ObjectInputStreamreplicant-4.2-0004replicant-4.2
Thanks to Jann Horn for reporting a bug in ObjectInputStream
and sending the initial patch.
Add some checks that the class of an object
being deserialized still conforms to the requirements
for serialization.
Add some checks that the class being deserialized matches
the type information (enum, serializable, externalizable)
held in the stream.
Delayed static initialization of classes until the
type of the class has been validated against the stream
content in some cases.
Added more tests.
Bug: 15874291
(cherry picked from commit 738c833d38d41f8f76eb7e77ab39add82b1ae1e2)
Change-Id: I9f5437ed60936882de56589537176466624e631d
Signed-off-by: Neil Fuller <nfuller@google.com>
Tested-by: Moritz Bandemer <replicant@posteo.mx>
Diffstat (limited to 'luni/src/main/java/java/io/ObjectStreamConstants.java')
| -rw-r--r-- | luni/src/main/java/java/io/ObjectStreamConstants.java | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/luni/src/main/java/java/io/ObjectStreamConstants.java b/luni/src/main/java/java/io/ObjectStreamConstants.java index 8228b33..95f8b03 100644 --- a/luni/src/main/java/java/io/ObjectStreamConstants.java +++ b/luni/src/main/java/java/io/ObjectStreamConstants.java @@ -149,25 +149,25 @@ public abstract interface ObjectStreamConstants { // Flags that indicate if the object was serializable, externalizable // and had a writeObject method when dumped. /** - * Bit mask for the {@code flag} field in ObjectStreamClass. Indicates - * that a serializable class has its own {@code writeObject} method. + * Bit mask for the {@code flag} field in {@link ObjectStreamClass}. Indicates + * that a {@link Serializable} class has its own {@code writeObject} method. */ public static final byte SC_WRITE_METHOD = 0x01; // If SC_SERIALIZABLE /** - * Bit mask for the {@code flag} field in ObjectStreamClass. Indicates - * that a class is serializable. + * Bit mask for the {@code flag} field in {@link ObjectStreamClass}. Indicates + * that a class implements {@link Serializable} but not {@link Externalizable}. */ public static final byte SC_SERIALIZABLE = 0x02; /** - * Bit mask for the {@code flag} field in ObjectStreamClass. Indicates - * that a class is externalizable. + * Bit mask for the {@code flag} field in {@link ObjectStreamClass}. Indicates + * that a class implements {@link Externalizable}. */ public static final byte SC_EXTERNALIZABLE = 0x04; /** - * Bit mask for the {@code flag} field in ObjectStreamClass. Indicates + * Bit mask for the {@code flag} field in {@link ObjectStreamClass}. Indicates * that an externalizable class is written in block data mode. */ public static final byte SC_BLOCK_DATA = 0x08; // If SC_EXTERNALIZABLE @@ -178,7 +178,7 @@ public abstract interface ObjectStreamConstants { public static final byte TC_ENUM = 0x7E; /** - * Bit mask for the {@code flag} field in ObjectStreamClass. Indicates + * Bit mask for the {@code flag} field in {@link ObjectStreamClass}. Indicates * that a class is an enum type. */ public static final byte SC_ENUM = 0x10; |