The ArrayBlockingQueue has had a readObject() method since Java 7, which checks invariants of the deserialized object. However, it does not have a writeObject() method. This means that the ArrayBlockingQueue could be modified whilst it is being written, resulting in broken invariants. The readObject() method's invariant checking is not exhaustive, which means that it is possible to end up with ArrayBlockingQueue instances that contain null values, leading to a difference between "size()" and how many objects would be returned with "poll()".
The ABQ should get a writeObject() method that is locking on the same locks as the rest of the class. ------------- Commit messages: - thread safe writeObject Changes: https://git.openjdk.org/jdk/pull/21783/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=21783&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8343250 Stats: 18 lines in 1 file changed: 18 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/21783.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/21783/head:pull/21783 PR: https://git.openjdk.org/jdk/pull/21783
