8000638: Improve deserialization
authordmocek
Mon, 04 Mar 2013 14:34:15 -0800 (2013-03-04)
changeset 18186 482db5c3e9c0
parent 18185 607d2fb48f47
child 18187 a798516cf58d
8000638: Improve deserialization Reviewed-by: smarks, hawtin, mchung
jdk/src/share/classes/java/io/ObjectStreamClass.java
--- a/jdk/src/share/classes/java/io/ObjectStreamClass.java	Wed Feb 27 11:44:41 2013 +0000
+++ b/jdk/src/share/classes/java/io/ObjectStreamClass.java	Mon Mar 04 14:34:15 2013 -0800
@@ -1151,7 +1151,14 @@
             end = end.getSuperclass();
         }
 
+        HashSet<String> oscNames = new HashSet<>(3);
+
         for (ObjectStreamClass d = this; d != null; d = d.superDesc) {
+            if (oscNames.contains(d.name)) {
+                throw new InvalidClassException("Circular reference.");
+            } else {
+                oscNames.add(d.name);
+            }
 
             // search up inheritance hierarchy for class with matching name
             String searchName = (d.cl != null) ? d.cl.getName() : d.name;