On Fri, 28 Jan 2022 21:02:23 GMT, Roger Riggs <rri...@openjdk.org> wrote:
> During deserialization of a serialized data stream that contains a proxy > descriptor with non-public interfaces > `java.io.ObjectInputStream` checks that the interfaces can be loaded from a > single classloader in `ObjectInputStream.resolveProxyClass`. > If the interfaces cannot be loaded from a single classloader, an > `IllegalAccessError` is thrown. > When `ObjectInputStream.readObject` encounters this case, it reflects an > incompatibility > between the classloaders of the source of the serialized stream and the > classloader being used for deserialization. > When a proxy object cannot be created from the interfaces, > `ObjectInputStream.readObject` should catch > the `InvalidAccessError` and throw `InvalidObjectException` with the > `InvalidAccessError` as the cause. > This allows the application to handle the exception consistently with other > errors during deserialization. This pull request has now been integrated. Changeset: fdd9ca74 Author: Roger Riggs <rri...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/fdd9ca74bd6ca87c30be2bcdcfd22e19b7687a5a Stats: 13 lines in 2 files changed: 5 ins; 0 del; 8 mod 8280642: ObjectInputStream.readObject should throw InvalidClassException instead of IllegalAccessError Reviewed-by: naoto, mchung ------------- PR: https://git.openjdk.java.net/jdk/pull/7274
