re PR libgcj/2237 (serialization doesn't throw exception on failure)

Fix PR libgcj/2237: * java/io/ObjectStreamClass.java (setClass): Calculate serialVersionUID for local class and compare it against the UID from the Object Stream. Throw InvalidClassException upon mismatch. (setUID): Renamed to... (getClassUID): this. Return the calculated class UID rather than setting uid field directly. (getDefinedSUID): Removed. * java/io/ObjectInputStream.java (resolveClass): Use the three-argument Class.forName(). * java/io/InvalidClassException (toString): Don't include classname in result if it is null. From-SVN: r41567
2001-04-26 02:02:05 +00:00 · 2001-04-26 02:02:05 +00:00 · 0cd99be737
commit 0cd99be737
parent 7b518b3953
4 changed files with 87 additions and 118 deletions
--- a/libjava/java/io/ObjectStreamClass.java
+++ b/libjava/java/io/ObjectStreamClass.java
@ -246,13 +246,27 @@ public class ObjectStreamClass implements Serializable
    this.fields = fields;
  }

-
-  void setClass (Class clazz)
+  void setClass (Class cl) throws InvalidClassException
  {
-    this.clazz = clazz;
+    this.clazz = cl;
+    long class_uid = getClassUID (cl);
+    if (uid == 0)
+      {
+       uid = class_uid;
+       return;
+      }
+    
+    // Check that the actual UID of the resolved class matches the UID from 
+    // the stream.    
+    if (uid != class_uid)
+      {
+       String msg = cl + 
+	 ": Local class not compatible: stream serialVersionUID="
+	 + uid + ", local serialVersionUID=" + class_uid;
+       throw new InvalidClassException (msg);
+      }
  }

-
  void setSuperclass (ObjectStreamClass osc)
  {
    superClass = osc;
@ -308,7 +322,7 @@ public class ObjectStreamClass implements Serializable
    name = cl.getName ();
    setFlags (cl);
    setFields (cl);
-    setUID (cl);
+    uid = getClassUID (cl);
    superClass = lookup (cl.getSuperclass ());
  }

@ -396,24 +410,24 @@ public class ObjectStreamClass implements Serializable
    calculateOffsets ();
  }

-  // Sets uid to be serial version UID defined by class, or if that
+  // Returns the serial version UID defined by class, or if that
  // isn't present, calculates value of serial version UID.
-  private void setUID (Class cl)
+  private long getClassUID (Class cl)
  {
    try
    {
      Field suid = cl.getDeclaredField ("serialVersionUID");
      int modifiers = suid.getModifiers ();

-      if (Modifier.isStatic (modifiers)
-	  && Modifier.isFinal (modifiers))
-      {
-	uid = getDefinedSUID (cl);
-	return;
-      }
+      if (Modifier.isStatic (modifiers) && Modifier.isFinal (modifiers))
+	return suid.getLong (null);	  
    }
    catch (NoSuchFieldException ignore)
-    {}
+    {
+    }
+    catch (IllegalAccessException ignore)
+    {
+    }

    // cl didn't define serialVersionUID, so we have to compute it
    try
@ -534,7 +548,7 @@ public class ObjectStreamClass implements Serializable
      for (int i=0; i < len; i++)
 	result += (long)(sha[i] & 0xFF) << (8 * i);

-      uid = result;
+      return result;
    }
    catch (NoSuchAlgorithmException e)
    {
@ -547,31 +561,6 @@ public class ObjectStreamClass implements Serializable
    }
  }

-
-  // Returns the value of CLAZZ's final static long field named
-  // `serialVersionUID'.
-  private long getDefinedSUID (Class clazz)
-  {
-    long l = 0;
-    try
-      {
-	// Use getDeclaredField rather than getField, since serialVersionUID
-	// may not be public AND we only want the serialVersionUID of this
-	// class, not a superclass or interface.
-	Field f = clazz.getDeclaredField ("serialVersionUID");
-	l = f.getLong (null);
-      }
-    catch (java.lang.NoSuchFieldException e)
-      {
-      }
-
-    catch (java.lang.IllegalAccessException e)
-      {
-      }
-
-    return l;
-  }
-
  // Returns the value of CLAZZ's private static final field named
  // `serialPersistentFields'.
  private ObjectStreamField[] getSerialPersistentFields (Class clazz)