Merge

2025-08-26 22:34:27 +02:00 · 2020-04-14 23:11:49 +00:00 · 2020-04-14 23:11:49 +00:00 · 0278846eaa
commit 0278846eaa
parent 7bce9a9158 7e20cf75f9
91 changed files with 1073 additions and 416 deletions
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@ -1858,6 +1858,8 @@ public class ObjectInputStream
                break;
            case TC_REFERENCE:
                descriptor = (ObjectStreamClass) readHandle(unshared);
+                // Should only reference initialized class descriptors
+                descriptor.checkInitialized();
                break;
            case TC_PROXYCLASSDESC:
                descriptor = readProxyDesc(unshared);
--- a/src/java.base/share/classes/java/io/ObjectStreamClass.java
+++ b/src/java.base/share/classes/java/io/ObjectStreamClass.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -885,6 +885,17 @@ public class ObjectStreamClass implements Serializable {
            throw new InternalError("Unexpected call when not initialized");
    }

+    /**
+     * Throws InvalidClassException if not initialized.
+     * To be called in cases where an uninitialized class descriptor indicates
+     * a problem in the serialization stream.
+     */
+    final void checkInitialized() throws InvalidClassException {
+        if (!initialized) {
+            throw new InvalidClassException("Class descriptor should be initialized");
+        }
+    }
+
    /**
     * Throws an InvalidClassException if object instances referencing this
     * class descriptor should not be allowed to deserialize.  This method does
@ -1150,6 +1161,10 @@ public class ObjectStreamClass implements Serializable {
            } catch (IllegalAccessException ex) {
                // should not occur, as access checks have been suppressed
                throw new InternalError(ex);
+            } catch (InstantiationError err) {
+                var ex = new InstantiationException();
+                ex.initCause(err);
+                throw ex;
            }
        } else {
            throw new UnsupportedOperationException();