--- a/jdk/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 10:22:59 2013 +0100
+++ b/jdk/src/share/classes/java/io/ObjectStreamClass.java	Mon Apr 22 10:55:14 2013 +0100
@@ -50,6 +50,7 @@
 import java.util.concurrent.ConcurrentMap;
 import sun.misc.Unsafe;
 import sun.reflect.ReflectionFactory;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * Serialization's descriptor for classes.  It contains the name and
@@ -259,6 +260,13 @@
      * @return  the <code>Class</code> instance that this descriptor represents
      */
     public Class<?> forClass() {
+        if (cl == null) {
+            return null;
+        }
+        ClassLoader ccl = ObjectStreamField.getCallerClassLoader();
+        if (ReflectUtil.needsPackageAccessCheck(ccl, cl.getClassLoader())) {
+            ReflectUtil.checkPackageAccess(cl);
+        }
         return cl;
     }
changeset 18237	54af2a0e06da
parent 18186	482db5c3e9c0
child 18238	d1ed51b53296