Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Looks good Roger! best regards, -- daniel On 07/12/16 19:25, Roger Riggs wrote: Hi Daniel, Webrev updated in place: http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/ Thanks for the suggestion, expanding on the text is a better intro to the more detail spec that follows. I also received a request to give a better description of the depth and references values in ObjectInputStream. The changes are in the webrev and below: diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java b/src/java.base/share/classes/java/io/ObjectInputFilter.java --- a/src/java.base/share/classes/java/io/ObjectInputFilter.java +++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java @@ -356,7 +356,9 @@ public interface ObjectInputFilter { * @param pattern the pattern string to parse; not null * @return a filter to check a class being deserialized; * {@code null} if no patterns - * @throws IllegalArgumentException If any of the following is true: + * @throws IllegalArgumentException if the pattern string is illegal or + * malformed and cannot be parsed. + * In particular, if any of the following is true: * *if a limit is missing the name or the name is not one of *"maxdepth", "maxrefs", "maxbytes", or "maxarray" diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -1168,6 +1168,13 @@ public class ObjectInputStream * for each class and reference in the stream. * The filter can check any or all of the class, the array length, the number * of references, the depth of the graph, and the size of the input stream. + * The depth is the number of nested {@linkplain #readObject readObject} + * calls starting with the reading of the root of the graph being deserialized + * and the current object being deserialized. + * The number of references is the cumulative number of objects and references + * to objects already read from the stream including the current object being read. + * The filter is invoked only when reading objects from the stream and for + * not primitives. Thanks, Roger On 12/7/2016 6:46 AM, Daniel Fuchs wrote: Hi Roger, What about adding a bit of leeway in the reason for which IAE can be thrown. Here is the text from your webrev: 359 * @throws IllegalArgumentException If any of the following is true: 360 * 361 *if a limit is missing the name or the name is not one of 362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray" 363 *if the value of the limit can not be parsed by 364 *{@link Long#parseLong Long.parseLong} or is negative 365 *if the pattern contains "/" and the module name is missing 366 *or the remaining pattern is empty 367 *if the package is missing for ".*" and ".**" 368 * could it be amended to something like: @throws IllegalArgumentException if the pattern string is illegal or malformed and cannot be parsed. In particular, an IllegalArgumentException will be thrown if any of the following is true: ... best regards, -- daniel On 06/12/16 22:04, Roger Riggs wrote: Please review a few additional clarifications to the ObjectInputFilter specification for generating a filter from a pattern and use in ObjectInputStream plus related test updates. Webrev: http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/ Thanks, Roger
Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Hi Daniel, Webrev updated in place: http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/ Thanks for the suggestion, expanding on the text is a better intro to the more detail spec that follows. I also received a request to give a better description of the depth and references values in ObjectInputStream. The changes are in the webrev and below: diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java b/src/java.base/share/classes/java/io/ObjectInputFilter.java --- a/src/java.base/share/classes/java/io/ObjectInputFilter.java +++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java @@ -356,7 +356,9 @@ public interface ObjectInputFilter { * @param pattern the pattern string to parse; not null * @return a filter to check a class being deserialized; * {@code null} if no patterns - * @throws IllegalArgumentException If any of the following is true: + * @throws IllegalArgumentException if the pattern string is illegal or + * malformed and cannot be parsed. + * In particular, if any of the following is true: * *if a limit is missing the name or the name is not one of *"maxdepth", "maxrefs", "maxbytes", or "maxarray" diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -1168,6 +1168,13 @@ public class ObjectInputStream * for each class and reference in the stream. * The filter can check any or all of the class, the array length, the number * of references, the depth of the graph, and the size of the input stream. + * The depth is the number of nested {@linkplain #readObject readObject} + * calls starting with the reading of the root of the graph being deserialized + * and the current object being deserialized. + * The number of references is the cumulative number of objects and references + * to objects already read from the stream including the current object being read. + * The filter is invoked only when reading objects from the stream and for + * not primitives. Thanks, Roger On 12/7/2016 6:46 AM, Daniel Fuchs wrote: Hi Roger, What about adding a bit of leeway in the reason for which IAE can be thrown. Here is the text from your webrev: 359 * @throws IllegalArgumentException If any of the following is true: 360 * 361 *if a limit is missing the name or the name is not one of 362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray" 363 *if the value of the limit can not be parsed by 364 *{@link Long#parseLong Long.parseLong} or is negative 365 *if the pattern contains "/" and the module name is missing 366 *or the remaining pattern is empty 367 *if the package is missing for ".*" and ".**" 368 * could it be amended to something like: @throws IllegalArgumentException if the pattern string is illegal or malformed and cannot be parsed. In particular, an IllegalArgumentException will be thrown if any of the following is true: ... best regards, -- daniel On 06/12/16 22:04, Roger Riggs wrote: Please review a few additional clarifications to the ObjectInputFilter specification for generating a filter from a pattern and use in ObjectInputStream plus related test updates. Webrev: http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/ Thanks, Roger
Re: RFR 9: 8170291 : Unpredictable results of j.i.ObjectInputFilter::createFilter
Hi Roger, What about adding a bit of leeway in the reason for which IAE can be thrown. Here is the text from your webrev: 359 * @throws IllegalArgumentException If any of the following is true: 360 * 361 *if a limit is missing the name or the name is not one of 362 *"maxdepth", "maxrefs", "maxbytes", or "maxarray" 363 *if the value of the limit can not be parsed by 364 *{@link Long#parseLong Long.parseLong} or is negative 365 *if the pattern contains "/" and the module name is missing 366 *or the remaining pattern is empty 367 *if the package is missing for ".*" and ".**" 368 * could it be amended to something like: @throws IllegalArgumentException if the pattern string is illegal or malformed and cannot be parsed. In particular, an IllegalArgumentException will be thrown if any of the following is true: ... best regards, -- daniel On 06/12/16 22:04, Roger Riggs wrote: Please review a few additional clarifications to the ObjectInputFilter specification for generating a filter from a pattern and use in ObjectInputStream plus related test updates. Webrev: http://cr.openjdk.java.net/~rriggs/webrev-createfilter-8170287/ Thanks, Roger