Thanks Roger.
Christoph - your patch has been pushed to jdk/jdk repo.
Mandy
On 11/8/17 10:11 AM, Roger Riggs wrote:
Hi Mandy,
yes, the revision in the webrev is correct; the trailing '.' in the
pkg was just to ensure it was a package prefix.
+1, Roger
On 11/7/2017 6:00 PM, mandy chung wrote:
On 11/7/17 6:48 AM, Christoph Dreis wrote:
======= PATCH =======
diff -r 67aa34b019e1 src/java.base/share/classes/java/io/ObjectInputFilter.java
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java Mon Nov
06 17:48:00 2017 -0800
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java Tue Nov
07 15:44:36 2017 +0100
@@ -656,8 +656,8 @@
* otherwise {@code false}
*/
private static boolean matchesPackage(Class<?> c, String pkg) {
- String n = c.getName();
- return n.startsWith(pkg) && n.lastIndexOf('.') == pkg.length()
- 1;
+ String n = c.getPackageName();
+ return n.length() == pkg.length() - 1 && n.startsWith(pkg);
}
This is correct but we could simplify this. We can modify the
callers to drop a trailing "." from the pkg parameter. I took the
liberty to revise it a little.
http://cr.openjdk.java.net/~mchung/jdk10/webrevs/8190733/webrev.00/
Roger - can you take a look at the change in ObjectInputFilter?
Mandy
