On Wed, 30 Oct 2024 08:54:55 GMT, kabutz <d...@openjdk.org> wrote: > The ArrayBlockingQueue has had a readObject() method since Java 7, which > checks invariants of the deserialized object. However, it does not have a > writeObject() method. This means that the ArrayBlockingQueue could be > modified whilst it is being written, resulting in broken invariants. The > readObject() method's invariant checking is not exhaustive, which means that > it is possible to end up with ArrayBlockingQueue instances that contain null > values, leading to a difference between "size()" and how many objects would > be returned with "poll()". > > The ABQ should get a writeObject() method that is locking on the same locks > as the rest of the class.
This pull request has now been integrated. Changeset: 57292276 Author: Dr Heinz M. Kabutz <he...@javaspecialists.eu> Committer: Viktor Klang <vkl...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/5729227651969f542f040e5d0bfbf9b0b99b5698 Stats: 18 lines in 1 file changed: 18 ins; 0 del; 0 mod 8343250: ArrayBlockingQueue serialization not thread safe Reviewed-by: rriggs, alanb ------------- PR: https://git.openjdk.org/jdk/pull/21783
