Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/share/classes/java/io/ObjectInputStream.java
changeset 16090 633bc7653c3b
parent 11117 b6e68b1344d4
child 16100 379f48d34516 
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java	Wed Nov 07 14:26:41 2012 +0000
+++ b/jdk/src/share/classes/java/io/ObjectInputStream.java	Thu Nov 08 15:41:01 2012 -0800
@@ -1752,6 +1752,12 @@
         ObjectStreamClass desc = readClassDesc(false);
         desc.checkDeserialize();
 
+        Class<?> cl = desc.forClass();
+        if (cl == String.class || cl == Class.class
+                || cl == ObjectStreamClass.class) {
+            throw new InvalidClassException("invalid class descriptor");
+        }
+
         Object obj;
         try {
             obj = desc.isInstantiable() ? desc.newInstance() : null;
jdk-sandbox