Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8277322

Document that setting an invalid property jdk.serialFilter disables deserialization

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 17, 18
    • Fix Version/s: 18
    • Component/s: core-libs
    • Labels:
      None

      Description

      UseCase : setting property `jdk.serialFilter` as invalid and invoking Config.CreateFilter() twice.

      Expected behavior : java.lang.ExceptionInInitializerError supposed to be thrown

      Actual behavior : first invocation throws the java.lang.ExceptionInInitializerError and the second invocation throws java.lang.NoClassDefFoundError.

      The java.lang.NoClassDefFoundError is unspecified anywhere in this context.

      IMO we need to mention the possibility of java.lang.NoClassDefFoundError in the spec.

       Sample Code :
       ========
       
       Run the following with -Djdk.serialFilter=maxrefs=-123
       
              Assert.assertThrows(() -> Config.createFilter("maxdepth=2;maxrefs=5"), ExceptionInInitializerError.class );
              Assert.assertThrows(() -> Config.createFilter("maxdepth=2;maxrefs=5"), ExceptionInInitializerError.class );

      And the second call would generate: Failed. None of the expected [java.lang.ExceptionInInitializerError] was thrown. java.lang.NoClassDefFoundError was thrown instead

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rriggs Roger Riggs
              Reporter:
              kganapureddy Krushnareddy Ganapureddy
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: