1 /* 2 * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @bug 4325590 26 * @summary Verify that superclass data is not lost when incoming superclass 27 * descriptor is matched with local class that is not a superclass of 28 * the deserialized instance's class. 29 */ 30 31 import java.io.*; 32 import java.net.*; 33 34 class MixedSuperclassStream extends ObjectInputStream { 35 MixedSuperclassStream(InputStream in) throws IOException { super(in); } 36 37 protected Class resolveClass(ObjectStreamClass desc) 38 throws IOException, ClassNotFoundException 39 { 40 // resolve A's classdesc to class != B's superclass 41 String name = desc.getName(); 42 if (name.equals("A")) { 43 return Class.forName(name, true, Test.ldr1); 44 } else if (name.equals("B")) { 45 return Class.forName(name, true, Test.ldr2); 46 } else { 47 return super.resolveClass(desc); 48 } 49 } 50 } 51 52 public class Test { 53 54 static URLClassLoader ldr1, ldr2; 55 static { 56 try { 57 ldr1 = new URLClassLoader(new URL[] { new URL("file:cb1.jar") }); 58 ldr2 = new URLClassLoader(new URL[] { new URL("file:cb2.jar") }); 59 } catch (MalformedURLException ex) { 60 throw new Error(); 61 } 62 } 63 64 public static void main(String[] args) throws Exception { 65 Runnable a = (Runnable) Class.forName("B", true, ldr1).newInstance(); 66 a.run(); 67 68 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 69 ObjectOutputStream oout = new ObjectOutputStream(bout); 70 oout.writeObject(a); 71 oout.close(); 72 73 ByteArrayInputStream bin = 74 new ByteArrayInputStream(bout.toByteArray()); 75 ObjectInputStream oin = new MixedSuperclassStream(bin); 76 a = (Runnable) oin.readObject(); 77 a.run(); 78 } 79 } | 1 /* 2 * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4325590 27 * @library /lib/testlibrary 28 * @build JarUtils A B 29 * @run main SuperclassDataLossTest 30 * @summary Verify that superclass data is not lost when incoming superclass 31 * descriptor is matched with local class that is not a superclass of 32 * the deserialized instance's class. 33 */ 34 35 import java.io.ByteArrayInputStream; 36 import java.io.ByteArrayOutputStream; 37 import java.io.InputStream; 38 import java.io.IOException; 39 import java.io.ObjectInputStream; 40 import java.io.ObjectOutputStream; 41 import java.io.ObjectStreamClass; 42 import java.net.URL; 43 import java.net.URLClassLoader; 44 import java.net.MalformedURLException; 45 import java.nio.file.Files; 46 import java.nio.file.Path; 47 import java.nio.file.Paths; 48 import java.nio.file.StandardCopyOption; 49 50 class MixedSuperclassStream extends ObjectInputStream { 51 private boolean ldr12A; 52 53 MixedSuperclassStream(InputStream in, boolean ldr1First) throws IOException { 54 super(in); 55 this.ldr12A = ldr12A; 56 } 57 58 protected Class resolveClass(ObjectStreamClass desc) 59 throws IOException, ClassNotFoundException 60 { 61 // resolve A's classdesc to class != B's superclass 62 String name = desc.getName(); 63 if (ldr12A) { 64 if (name.equals("A")) { 65 return Class.forName(name, true, SuperclassDataLossTest.ldr1); 66 } else if (name.equals("B")) { 67 return Class.forName(name, true, SuperclassDataLossTest.ldr2); 68 } 69 } else { 70 if (name.equals("B")) { 71 return Class.forName(name, true, SuperclassDataLossTest.ldr1); 72 } else if (name.equals("A")) { 73 return Class.forName(name, true, SuperclassDataLossTest.ldr2); 74 } 75 } 76 return super.resolveClass(desc); 77 } 78 } 79 80 public class SuperclassDataLossTest { 81 82 static URLClassLoader ldr1, ldr2; 83 static { 84 try { 85 ldr1 = new URLClassLoader(new URL[] { new URL("file:cb1.jar") }); 86 ldr2 = new URLClassLoader(new URL[] { new URL("file:cb2.jar") }); 87 } catch (MalformedURLException ex) { 88 throw new Error(); 89 } 90 } 91 92 public static void main(String[] args) throws Exception { 93 setup(); 94 95 Runnable a = (Runnable) Class.forName("B", true, ldr1).newInstance(); 96 a.run(); 97 98 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 99 ObjectOutputStream oout = new ObjectOutputStream(bout); 100 oout.writeObject(a); 101 oout.close(); 102 103 test(bout, true); 104 test(bout, false); 105 106 ldr1.close(); 107 ldr2.close(); 108 } 109 110 private static void test(ByteArrayOutputStream bout, boolean ldr12A) throws Exception { 111 ByteArrayInputStream bin = 112 new ByteArrayInputStream(bout.toByteArray()); 113 ObjectInputStream oin = new MixedSuperclassStream(bin, ldr12A); 114 Runnable a = (Runnable) oin.readObject(); 115 a.run(); 116 } 117 118 private static void setup() throws Exception { 119 Path classes = Paths.get(System.getProperty("test.classes", "")); 120 JarUtils.createJarFile(Paths.get("cb1.jar"), classes, 121 classes.resolve("A.class"), classes.resolve("B.class")); 122 Files.copy(Paths.get("cb1.jar"), Paths.get("cb2.jar"), 123 StandardCopyOption.REPLACE_EXISTING); 124 } 125 } |