On Wed, 20 Oct 2021 21:57:29 GMT, Roger Riggs <rri...@openjdk.org> wrote:
> The ObjectInputStream.GetField method `get(String name, Object val)` should have been throwing
> a ClassNotFoundException if the class was not found. Instead the implementation was returning null.
> A design error does not allow the `get(String name, Object val)` method to throw CNFE as it should.
> However, an exception must be thrown to prevent invalid data from being returned.
> Wrapping the CNFE in IOException allows it to be thrown and the exception handled.
> The call to `get(String name, Object val)` is always from within a `readObject` method
> so the deserialization logic can catch the IOException and unwrap it to handle the CNFE.

src/java.base/share/classes/java/io/ObjectInputStream.java line 2663:

> 2661: ClassNotFoundException ex = handles.lookupException(objHandle);
> 2662: if (ex != null) {
> 2663: // Wrap the exception so it can be handled in GetField.get(String, Object)

I am not sure I understand this comment. We are in `GetField.get(String, Object)`, aren't we?

-------------

PR: https://git.openjdk.java.net/jdk/pull/6053