rootvector2 opened a new pull request, #684: URL: https://github.com/apache/commons-collections/pull/684
`readObject` in `ListOrderedMap`, `ListOrderedSet` and `SetUniqueList` restores the backing collection and the parallel structure that records iteration order / enforces uniqueness (`insertOrder`, `setOrder`, and the dedup `set`) as two independent stream fields and never checks the two agree, unlike the constructors which derive the order/dedup structure from the backing collection so they always match.

Found while auditing the custom `readObject` paths against the invariant the constructors hold: a tampered or hand-built stream whose two fields disagree deserializes into a decorator whose state is impossible through the API. A `SetUniqueList` can be made to hold duplicates in its backing list, and a `ListOrderedMap`/`ListOrderedSet` can be made to carry an order list that names keys/elements absent from the backing collection (or repeats one), so `keyList()`/iteration surface phantom or duplicate entries while `size()` reports the backing count.

Each `readObject` now re-checks that the order/dedup structure is a duplicate-free match for the backing collection and throws `InvalidObjectException` otherwise, mirroring the constructor contract. Existing serialized forms still load (the version-4 compatibility tests pass); only streams carrying inconsistent data are rejected.

Regression tests added in `ListOrderedMapTest`, `ListOrderedSetTest` and `SetUniqueListTest`.

Before you push a pull request, review this list:

- [x] Read the [contribution guidelines](CONTRIBUTING.md) for this project.
- [ ] Read the [ASF Generative Tooling Guidance](https://www.apache.org/legal/generative-tooling.html) if you use Artificial Intelligence (AI).
- [ ] I used AI to create any part of, or all of, this pull request. Which AI tool was used to create this pull request, and to what extent did it contribute?
- [x] Run a successful build using the default [Maven](https://maven.apache.org/) goal with `mvn`; that's `mvn` on the command line by itself.
- [x] Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied. This may not always be possible, but it is a best practice.
- [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
- [x] Each commit in the pull request should have a meaningful subject line and body. Note that a maintainer may squash commits during the merge process.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
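
The check the pull request describes, as an added example that is not the commons-collections code: `UniqueListDemo`, its fields and the `inconsistent` helper are hypothetical names, and the helper stands in for a tampered stream by serializing a state the constructor cannot produce.

```java
import java.io.*;
import java.util.*;

// Hypothetical stand-in for a decorator with a backing list and a parallel dedup set.
public class UniqueListDemo implements Serializable {
    private static final long serialVersionUID = 1L;
    private List<String> list;   // backing collection
    private Set<String> seen;    // parallel dedup structure

    // The constructor derives both fields from one input, so they always agree.
    UniqueListDemo(Collection<String> items) {
        seen = new LinkedHashSet<>(items);
        list = new ArrayList<>(seen);
    }

    // Constructed test helper: sets the two fields independently, as a stream can.
    static UniqueListDemo inconsistent(List<String> list, Set<String> seen) {
        UniqueListDemo d = new UniqueListDemo(Collections.emptyList());
        d.list = list;
        d.seen = seen;
        return d;
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (list == null || seen == null) throw new InvalidObjectException("missing field");
        // Re-establish the constructor invariant: no duplicates, same element set.
        Set<String> distinct = new HashSet<>(list);
        if (distinct.size() != list.size() || !distinct.equals(seen)) {
            throw new InvalidObjectException("dedup set does not match backing list");
        }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        UniqueListDemo ok = (UniqueListDemo) roundTrip(new UniqueListDemo(Arrays.asList("a", "b", "a")));
        System.out.println("consistent stream loaded: " + ok.list);
        UniqueListDemo bad = inconsistent(new ArrayList<>(Arrays.asList("a", "a")),
                                          new HashSet<>(Collections.singleton("a")));
        try { roundTrip(bad); System.out.println("inconsistent stream accepted"); }
        catch (InvalidObjectException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A size comparison alone is not enough here: a list `[a, a]` paired with a set `{a, b}` has matching sizes, which is why the check compares the list's distinct elements against the set.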
