Code review request for 6990094 "ObjectInputStream cloneArray doesn't handle short[]"

Peter Jones pcj at
Mon Dec 6 16:03:24 UTC 2010

On Mon, Dec 6, 2010 at 2:35 AM, Joe Darcy <joe.darcy at> wrote:
> Off-list, Alan found a related closed test and Stuart and I have
> developed an explicit test that tickles this bug:

Looks good to me.

On Mon, Dec 6, 2010 at 3:10 AM, Rémi Forax <forax at> wrote:
> Hi Joe,
> In the test, I don't see why the replacement field has to be static in
> Resolver.
> In my opinion, a private final field is sufficient.

I don't know on what instance you would set such an instance field, to
control the exact reference returned by invoking readUnshared on a
deserialized instance.  The attack scenario addressed by the original
bug fix would likely use a static field similarly.

-- Peter
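
An added sketch of the kind of check discussed in this thread, not the test from the review itself: a hypothetical `Resolver` whose `readResolve` returns whatever a static field holds, so the caller can fix the exact reference before any instance is deserialized and then verify that `readUnshared` hands back a different array object. The class, field and method names are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class ReadUnsharedCloneCheck {
    // Hypothetical stand-in for the Resolver class mentioned in the thread.
    static class Resolver implements Serializable {
        private static final long serialVersionUID = 1L;
        // Static: it must be set before deserialization creates the instance,
        // and there is no instance to set it on at that point.
        static Object replacement;

        private Object readResolve() {
            return replacement;
        }
    }

    // True if readUnshared returned an object distinct from the array
    // that readResolve substituted, i.e. the caller got its own copy.
    static boolean returnsFreshCopy(Object array)
            throws IOException, ClassNotFoundException {
        Resolver.replacement = array;
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(new Resolver());
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            return in.readUnshared() != array;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one array per element kind, short[] included.
        Object[] samples = {
            new boolean[1], new byte[1], new char[1], new short[1],
            new int[1], new long[1], new float[1], new double[1],
            new String[1]
        };
        for (Object sample : samples) {
            String type = sample.getClass().getSimpleName();
            System.out.println(type + " fresh copy: " + returnsFreshCopy(sample));
        }
    }
}
```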
