Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8155977

Update ObjectInputStream::resolveClass and resolveProxyClass to work with platform class loader

    XMLWordPrintable

    Details

      Description

      The default implementation of ObjectInputStream::resolveClass and resolveProxyClass finds the user-defined class loader on the stack and considered only system classes are loaded by null loader. These methods should be updated to prepare if any system class are defined by the platform class loader and its ancestors instead.

      As JDK modules are deprivileged, classes on the stack defined by the platform class loader should be excluded. As for the implementation, JVM_LatestUserDefinedLoader returns the first non-null class loader on the stack. Walking the stack to find the latest user defined loader is fragile. Serialization and RMI depend on it. It'd be even better if this can be removed.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mchung Mandy Chung
                Reporter:
                mchung Mandy Chung
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: