On Mon, Dec 6, 2010 at 2:35 AM, Joe Darcy <[email protected]> wrote:
> Off-list, Alan found a related closed test and Stuart and I have
> developed an explicit test that tickles this bug:
>
>   http://cr.openjdk.java.net/~darcy/6990094.1/

Looks good to me.

On Mon, Dec 6, 2010 at 3:10 AM, Rémi Forax <[email protected]> wrote:
> Hi Joe,
> In the test, I don't see why the replacement field has to be static in
> Resolver.
> In my opinion, a private final field is sufficient.

I don't know on what instance you would set such an instance field, to
control the exact reference returned by invoking readUnshared on a
deserialized instance.  The attack scenario addressed by the original
bug fix would likely use a static field similarly.

-- Peter
