On Wed, 20 Oct 2021 21:57:29 GMT, Roger Riggs <[email protected]> wrote:
> The ObjectInputStream.GetField method `get(String name, Object val)` should
> have been throwing
> a ClassNotFoundException if the class was not found. Instead the
> implementation was returning null.
> A design error does not allow the `get(String name, Object val)` method to
> throw CNFE as it should.
> However, an exception must be thrown to prevent invalid data from being
> returned.
> Wrapping the CNFE in IOException allows it to be thrown and the exception
> handled.
> The call to `get(String name, Object val)` is always from within a
> `readObject` method
> so the deserialization logic can catch the IOException and unwrap it to
> handle the CNFE.
src/java.base/share/classes/java/io/ObjectInputStream.java line 2663:
> 2661: ClassNotFoundException ex =
> handles.lookupException(objHandle);
> 2662: if (ex != null) {
> 2663: // Wrap the exception so it can be handled in
> GetField.get(String, Object)
I am not sure I understand this comment. We are in `GetField.get(String,
Object)`, aren't we?
-------------
PR: https://git.openjdk.java.net/jdk/pull/6053
