rootvector2 commented on PR #690: URL: https://github.com/apache/commons-collections/pull/690#issuecomment-4759024042
`initialSize` isn't part of the serialized form, so there's nothing to re-validate on read. it's a constructor-only param (the proposed table capacity); what gets written is the resulting `data.length`, which already exceeds `maxSize` for normal small maps. `new LRUMap<>(3)` rounds the table up to a power of two, so it serializes a capacity of 4 against a `maxSize` of 3. a `capacity > maxSize` check on read would reject those valid streams. the constructor's `initialSize > maxSize` guard only constrains the proposed capacity at build time, and a deserialized table that differs from `maxSize` is harmless since entries are re-inserted through `put()`. `maxSize < 1` is the only reconstructable value that corrupts state: it reuses the header sentinel as a data entry on the first `put`, which is what this rejects. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
