view test/java/io/Serializable/6559775/README @ 2994:69646b4db21d

6559775: Race allows defaultReadObject to be invoked instead of readFields during deserialization Reviewed-by: hawtin
author skoppar
date Tue, 28 Sep 2010 01:09:10 -0700
parents
children
line wrap: on
line source
The testcase works well on dual core machines.
The below output indicates a successful fix:

Exception in thread "Thread-0" java.lang.NullPointerException
        at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:476)
        at SerialRace$1.run(SerialRace.java:33)
        at java.lang.Thread.run(Thread.java:595)


When the vulnerability exists, the output of the tescase is something like this:
Available processors: 2
Iteration 1
java.io.NotActiveException: not in readObject invocation or fields already read
        at java.io.ObjectInputStream$CallbackContext.checkAndSetUsed(ObjectInputStream.java:3437)
        at java.io.ObjectInputStream$CallbackContext.getObj(ObjectInputStream.java:3427)
        at java.io.ObjectInputStream.readFields(ObjectInputStream.java:514)
        at SerialVictim.readObject(SerialVictim.java:19)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:946)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1809)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
        at SerialRace.main(SerialRace.java:65)
Victim: ?
Victim: $