Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Looks good Roger!
best regards,
-- daniel
On 07/12/16 19:25, Roger Riggs wrote:
Hi Daniel,
Webrev updated in place:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks for the suggestion, expanding on the text is a better intro to
the more detail spec that follows.
I also received a request to give a better description of the depth and
references values
in ObjectInputStream.
The changes are in the webrev and below:
diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java
b/src/java.base/share/classes/java/io/ObjectInputFilter.java
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java
@@ -356,7 +356,9 @@ public interface ObjectInputFilter {
* @param pattern the pattern string to parse; not null
* @return a filter to check a class being deserialized;
* {@code null} if no patterns
- * @throws IllegalArgumentException If any of the following is
true:
+ * @throws IllegalArgumentException if the pattern string is
illegal or
+ * malformed and cannot be parsed.
+ * In particular, if any of the following is true:
*
*if a limit is missing the name or the name is not one of
*"maxdepth", "maxrefs", "maxbytes", or "maxarray"
diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
b/src/java.base/share/classes/java/io/ObjectInputStream.java
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -1168,6 +1168,13 @@ public class ObjectInputStream
* for each class and reference in the stream.
* The filter can check any or all of the class, the array length,
the number
* of references, the depth of the graph, and the size of the input
stream.
+ * The depth is the number of nested {@linkplain #readObject
readObject}
+ * calls starting with the reading of the root of the graph being
deserialized
+ * and the current object being deserialized.
+ * The number of references is the cumulative number of objects and
references
+ * to objects already read from the stream including the current
object being read.
+ * The filter is invoked only when reading objects from the stream
and for
+ * not primitives.
Thanks, Roger
On 12/7/2016 6:46 AM, Daniel Fuchs wrote:
Hi Roger,
What about adding a bit of leeway in the reason for which
IAE can be thrown. Here is the text from your webrev:
359 * @throws IllegalArgumentException If any of the
following is true:
360 *
361 *if a limit is missing the name or the name is
not one of
362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray"
363 *if the value of the limit can not be parsed by
364 *{@link Long#parseLong Long.parseLong} or is
negative
365 *if the pattern contains "/" and the module name
is missing
366 *or the remaining pattern is empty
367 *if the package is missing for ".*" and ".**"
368 *
could it be amended to something like:
@throws IllegalArgumentException if the pattern string is illegal or
malformed and cannot be parsed.
In particular, an IllegalArgumentException will be thrown
if any of the following is true: ...
best regards,
-- daniel
On 06/12/16 22:04, Roger Riggs wrote:
Please review a few additional clarifications to the ObjectInputFilter
specification for generating
a filter from a pattern and use in ObjectInputStream plus related test
updates.
Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks, Roger
Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Hi Daniel,
Webrev updated in place:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks for the suggestion, expanding on the text is a better intro to
the more detail spec that follows.
I also received a request to give a better description of the depth and
references values
in ObjectInputStream.
The changes are in the webrev and below:
diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java
b/src/java.base/share/classes/java/io/ObjectInputFilter.java
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java
@@ -356,7 +356,9 @@ public interface ObjectInputFilter {
* @param pattern the pattern string to parse; not null
* @return a filter to check a class being deserialized;
* {@code null} if no patterns
- * @throws IllegalArgumentException If any of the following is
true:
+ * @throws IllegalArgumentException if the pattern string is
illegal or
+ * malformed and cannot be parsed.
+ * In particular, if any of the following is true:
*
*if a limit is missing the name or the name is not one of
*"maxdepth", "maxrefs", "maxbytes", or "maxarray"
diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java
b/src/java.base/share/classes/java/io/ObjectInputStream.java
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@@ -1168,6 +1168,13 @@ public class ObjectInputStream
* for each class and reference in the stream.
* The filter can check any or all of the class, the array length,
the number
* of references, the depth of the graph, and the size of the
input stream.
+ * The depth is the number of nested {@linkplain #readObject
readObject}
+ * calls starting with the reading of the root of the graph being
deserialized
+ * and the current object being deserialized.
+ * The number of references is the cumulative number of objects and
references
+ * to objects already read from the stream including the current
object being read.
+ * The filter is invoked only when reading objects from the stream
and for
+ * not primitives.
Thanks, Roger
On 12/7/2016 6:46 AM, Daniel Fuchs wrote:
Hi Roger,
What about adding a bit of leeway in the reason for which
IAE can be thrown. Here is the text from your webrev:
359 * @throws IllegalArgumentException If any of the
following is true:
360 *
361 *if a limit is missing the name or the name is
not one of
362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray"
363 *if the value of the limit can not be parsed by
364 *{@link Long#parseLong Long.parseLong} or is
negative
365 *if the pattern contains "/" and the module name
is missing
366 *or the remaining pattern is empty
367 *if the package is missing for ".*" and ".**"
368 *
could it be amended to something like:
@throws IllegalArgumentException if the pattern string is illegal or
malformed and cannot be parsed.
In particular, an IllegalArgumentException will be thrown
if any of the following is true: ...
best regards,
-- daniel
On 06/12/16 22:04, Roger Riggs wrote:
Please review a few additional clarifications to the ObjectInputFilter
specification for generating
a filter from a pattern and use in ObjectInputStream plus related test
updates.
Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks, Roger
Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Hi Roger,
What about adding a bit of leeway in the reason for which
IAE can be thrown. Here is the text from your webrev:
359 * @throws IllegalArgumentException If any of the
following is true:
360 *
361 *if a limit is missing the name or the name is
not one of
362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray"
363 *if the value of the limit can not be parsed by
364 *{@link Long#parseLong Long.parseLong} or is negative
365 *if the pattern contains "/" and the module name
is missing
366 *or the remaining pattern is empty
367 *if the package is missing for ".*" and ".**"
368 *
could it be amended to something like:
@throws IllegalArgumentException if the pattern string is illegal or
malformed and cannot be parsed.
In particular, an IllegalArgumentException will be thrown
if any of the following is true: ...
best regards,
-- daniel
On 06/12/16 22:04, Roger Riggs wrote:
Please review a few additional clarifications to the ObjectInputFilter
specification for generating
a filter from a pattern and use in ObjectInputStream plus related test
updates.
Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/
Thanks, Roger
