1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8016252: More defensive HashSet.readObject

Browse Source 
Add data validation checks in readObject().

Reviewed-by: alanb, mduigou, chegar
This commit is contained in:
Brian Burkhalter 2013-10-09 11:47:48 -07:00 committed by Brian Burkhalter
parent bc56565f2a
commit 4ee6d9bd3a
2 changed files with 138 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
jdk/src/share/classes/java/util/HashSet.java
View File

@ -25,6 +25,8 @@
package java.util;
import java.io.InvalidObjectException;
/**
* This class implements the <tt>Set</tt> interface, backed by a hash table
* (actually a <tt>HashMap</tt> instance). It makes no guarantees as to the
@ -294,16 +296,37 @@ public class HashSet<E>
// Read in any hidden serialization magic
s.defaultReadObject();
// Read in HashMap capacity and load factor and create backing HashMap
// Read capacity and verify non-negative.
int capacity = s.readInt();
if (capacity < 0) {
throw new InvalidObjectException("Illegal capacity: " +
capacity);
}
// Read load factor and verify positive and non NaN.
float loadFactor = s.readFloat();
if (loadFactor <= 0 || Float.isNaN(loadFactor)) {
throw new InvalidObjectException("Illegal load factor: " +
loadFactor);
}
// Read size and verify non-negative.
int size = s.readInt();
if (size < 0) {
throw new InvalidObjectException("Illegal size: " +
size);
}
// Set the capacity according to the size and load factor ensuring that
// the HashMap is at least 25% full but clamping to maximum capacity.
capacity = (int) Math.min(size * Math.min(1 / loadFactor, 4.0f),
HashMap.MAXIMUM_CAPACITY);
// Create backing HashMap
map = (((HashSet<?>)this) instanceof LinkedHashSet ?
new LinkedHashMap<E,Object>(capacity, loadFactor) :
new HashMap<E,Object>(capacity, loadFactor));
// Read in size
int size = s.readInt();
// Read in all elements in the proper order.
for (int i=0; i<size; i++) {
@SuppressWarnings("unchecked")

111
jdk/test/java/util/HashSet/Serialization.java Normal file
View File

@ -0,0 +1,111 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
/*
* @test
* @bug 8016252
* @summary Verify that a serialized HashSet may successfully be deserialized.
*/
public class Serialization {
private static final int NUM_SETS = 43;
private static final int MAX_CAPACITY = 257;
private static final float MAX_LOAD_FACTOR = 100.0F;
private static final Random rnd = ThreadLocalRandom.current();
private static HashSet<Integer> createHashSet() {
int capacity = rnd.nextInt(MAX_CAPACITY);
float loadFactor = Float.MIN_VALUE + rnd.nextFloat()*MAX_LOAD_FACTOR;
HashSet<Integer> hashSet = new HashSet<Integer>(capacity, loadFactor);
float multiplier = 2*rnd.nextFloat(); // range [0,2]
int size = (int)(capacity*loadFactor*multiplier);
for (int i = 0; i < size; i++) {
hashSet.add(rnd.nextInt());
}
return hashSet;
}
private static HashSet<Integer> serDeser(HashSet<Integer> hashSet) throws IOException, ClassNotFoundException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(hashSet);
oos.flush();
ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bais);
HashSet<Integer> result = (HashSet<Integer>)ois.readObject();
oos.close();
ois.close();
return result;
}
private static void printHashSet(HashSet<Integer> hashSet) {
System.err.println("Size: "+hashSet.size());
for (Object o : hashSet) {
System.err.println(o);
}
}
public static void main(String[] args) {
int failures = 0;
for (int i = 0; i < NUM_SETS; i++) {
HashSet<Integer> hashSet = createHashSet();
HashSet<Integer> result = null;
try {
result = serDeser(hashSet);
} catch (IOException ioe) {
System.err.println(ioe);
failures++;
} catch (ClassNotFoundException cnfe) {
System.err.println(cnfe);
failures++;
}
if (!hashSet.equals(result)) {
System.err.println("Unequal HashSets!");
printHashSet(hashSet);
System.err.println();
failures++;
}
}
if (failures != 0) {
throw new RuntimeException("HashSet/Serialzation failed with "+
failures+" failures!");
}
}
}