--- a/src/java.base/share/classes/java/util/Hashtable.java Tue Dec 05 09:59:36 2017 -0500
+++ b/src/java.base/share/classes/java/util/Hashtable.java Wed Dec 06 21:17:19 2017 +0800
@@ -1293,6 +1293,10 @@
length--;
length = Math.min(length, origlength);
+ if (length < 0) { // overflow
+ length = origlength;
+ }
+
// Check Map.Entry[].class since it's the nearest public type to
// what we're actually creating.
SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Map.Entry[].class, length);
--- a/src/java.base/share/classes/java/util/Vector.java Tue Dec 05 09:59:36 2017 -0500
+++ b/src/java.base/share/classes/java/util/Vector.java Wed Dec 06 21:17:19 2017 +0800
@@ -25,6 +25,9 @@
package java.util;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.StreamCorruptedException;
import java.util.function.Consumer;
import java.util.function.Predicate;
import java.util.function.UnaryOperator;
@@ -1169,6 +1172,29 @@
}
/**
+ * Loads a {@code Vector} instance from a stream
+ * (that is, deserializes it).
+ * This method performs checks to ensure the consistency
+ * of the fields.
+ *
+ * @param in the stream
+ * @throws java.io.IOException if an I/O error occurs
+ * @throws ClassNotFoundException if the stream contains data
+ * of a non-existing class
+ */
+ private void readObject(ObjectInputStream in)
+ throws IOException, ClassNotFoundException {
+ ObjectInputStream.GetField gfields = in.readFields();
+ int count = gfields.get("elementCount", 0);
+ Object[] data = (Object[])gfields.get("elementData", null);
+ if (count < 0 || data == null || count > data.length) {
+ throw new StreamCorruptedException("Inconsistent vector internals");
+ }
+ elementCount = count;
+ elementData = data.clone();
+ }
+
+ /**
* Saves the state of the {@code Vector} instance to a stream
* (that is, serializes it).
* This method performs synchronization to ensure the consistency