jdk icon indicating copy to clipboard operation
jdk copied to clipboard
verified publisher icon openjdk

8331224: ClassCastException in ObjectInputStream hides ClassNotFoundException

Open RogerRiggs opened this issue 1 year ago • 5 comments

The issue reported a ClassCastException "cannot assign instance of java.util.CollSer to field of type java.util.Map" while deserializing an object referring to an immutable Map that contained a reference to a class that was not available. Immutable Collections such as Map utilize a serialization proxy in their serialized form. During deserialization the serialization proxy (a private implementation class) was attempted to be set in a field resulting in the ClassCastException. The ClassCastException and bug hid the ClassCastException that should have been thrown.

When reading record fields or fields of a class, the results of deserialization of individual fields are recorded as dependencies of the object being constructed. The apparent bug is that the summary of those dependencies is not checked between reading the fields and invoking the constructor to create the record or assigning the fields to an object being constructed.

Progress

  • [x] Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • [x] Change must not contain extraneous whitespace
  • [x] Commit message must refer to an issue

Issue

  • JDK-8331224: ClassCastException in ObjectInputStream hides ClassNotFoundException (Bug - P4)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19043/head:pull/19043
$ git checkout pull/19043

Update a local copy of the PR:
$ git checkout pull/19043
$ git pull https://git.openjdk.org/jdk.git pull/19043/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 19043

View PR using the GUI difftool:
$ git pr show -t 19043

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19043.diff

Webrev

Link to Webrev Comment

RogerRiggs avatar May 01 '24 18:05 RogerRiggs

:wave: Welcome back rriggs! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

bridgekeeper[bot] avatar May 01 '24 18:05 bridgekeeper[bot]

@RogerRiggs This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8331224: ClassCastException in ObjectInputStream hides ClassNotFoundException

Reviewed-by: smarks

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 280 new commits pushed to the master branch:

  • 0a58cffe88ba823e71fcdcca64b784ed04ca5398: 8298405: Implement JEP 467: Markdown Documentation Comments
  • 39a55e97799b5328da85aaa66c8d23175b305691: 8324809: compiler can crash with SOE while proving if two recursive types are disjoint
  • b7ae0ae1d7481e66a07f40bf01c5614fdf44c2ed: 8328572: JFR: Use Class.forPrimitiveName(String)
  • e611151796d71c40a9395cb6fbe734f36d4c1b55: 8331281: RISC-V: C2: Support vector-scalar and vector-immediate bitwise logic instructions
  • 44bdf9964eb2dd0eb4034576e1f903a27c410286: 8332239: Improve CSS for block tags
  • 9bb6169a1cba900fa79d63119696efe265762083: 8317621: --add-script should support JavaScript modules
  • 4eb1eaf04477b9a8947a57655cf36380b5b88b5c: 8329617: Update stylesheet for specs and tool documentation
  • d4c2edf2c91a790874c80f1a7bea5bfd4f438bde: 8331855: Convert jdk.jdeps jdeprscan and jdeps to use the Classfile API
  • beeffd4671649e5d8f9c96f0455ac90a82917234: 8332109: Convert remaining tests using com.sun.tools.classfile to ClassFile API
  • e0d1c4b38c7ad2dc67f3d14b0b179b313c85fc0a: 8321428: Deprecate for removal the package java.beans.beancontext
  • ... and 270 more: https://git.openjdk.org/jdk/compare/4dfaa9b5bd4f9733e5a67d7c5b55eaa5ad4e27e4...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

openjdk[bot] avatar May 01 '24 18:05 openjdk[bot]

@RogerRiggs The following label will be automatically applied to this pull request:

  • core-libs

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

openjdk[bot] avatar May 01 '24 18:05 openjdk[bot]

Webrevs

mlbridge[bot] avatar May 01 '24 18:05 mlbridge[bot]

Thanks for the review. I have some ideas to refactor readOrdinaryObject to split out the various subcases and be able to simplify each one. That's a separate (future) PR.

RogerRiggs avatar May 17 '24 17:05 RogerRiggs

/integrate

RogerRiggs avatar May 21 '24 14:05 RogerRiggs

Going to push as commit 8291c94bcdbb01beddc94f290f2749841404cc0c. Since your change was applied there have been 302 commits pushed to the master branch:

  • 42e3c842ae2684265c794868fc76eb0ff2dea3d9: 8332086: Remove the usage of ServiceLoader in j.u.r.RandomGeneratorFactory
  • 5cf8288b8071bdcf0c923dd7ba36f91bc7594ef3: 8332153: RISC-V: enable tests and add comment for vector shift instruct (shared by vectorization and Vector API)
  • ae9ad862ee54e119553efec919f1061dca36b954: 8331934: [s390x] Add support for primitive array C1 clone intrinsic
  • 3479b46c5bea3afd92b6ab4acd2fe7f274df38aa: 8332595: Serial: Remove unused TenuredGeneration::should_collect
  • 9bfae8891e6efa58c557bd6dac61de111a16f71e: 8332297: annotation processor that generates records sometimes fails due to NPE in javac
  • 4e169d1ed7501d1de8fd4ea326f84b6c1a34270d: 8332401: G1: TestFromCardCacheIndex.java with -XX:GCCardSizeInBytes=128 triggers underflow assertion
  • 7ffc9997bd4a93cefe30f672a5f0e9c49215d2c7: 8332498: [aarch64, x86] improving OpToAssembly output for partialSubtypeCheckConstSuper Instruct
  • e529101ea30b49a6601088ce5ab81df590fc52f0: 8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
  • 414a7fdc5e4aae4cec25b0847bb7c163f271b4e0: 8311175: Move BufWriter::asByteBuffer to BufWriterImpl
  • 451cc239050f097060be927171fe0e46962f3356: 8332486: ClassFile API ArrayIndexOutOfBoundsException with label metadata
  • ... and 292 more: https://git.openjdk.org/jdk/compare/4dfaa9b5bd4f9733e5a67d7c5b55eaa5ad4e27e4...master

Your commit was automatically rebased without conflicts.

openjdk[bot] avatar May 21 '24 14:05 openjdk[bot]

@RogerRiggs Pushed as commit 8291c94bcdbb01beddc94f290f2749841404cc0c.

:bulb: You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

openjdk[bot] avatar May 21 '24 14:05 openjdk[bot]