1 Reply Latest reply on Feb 29, 2008 5:40 PM by Ales Justin

    Careful with default serialization, JBVFS-17

    Scott Stark Master

      The serialization of the NestedJarFromStream is incorrect. Its using default serialization of these fields:

      private transient ZipInputStream zis;
      private URL jarURL;
      private URL entryURL;
      private long lastModified;
      private long size;
      private AtomicBoolean inited = new AtomicBoolean(false);

      The problem is that the inited flag should not be serialized as this implies its parents fields:

      private transient List entries;
      private transient Map<String, VirtualFileHandler> entryMap;

      have been initialized. They will not be after deserialization of NestedJarFromStream as it lazily does initialization. We need to be careful when adding fields to a class that is using the default java serialization contract.

        • 1. Re: Careful with default serialization, JBVFS-17
          Ales Justin Master

          Serialization for nested jars is broken anyway.
          See the problem that I somehow hinted about in AbstractJarHandler.handleJarFile.

          The thing is that when you do

           JarURLConnection jconn = (JarURLConnection) conn;
           jar = jconn.getJarFile();

          on an url that points to nested jar, you're gonna get only the first non-nested jar.
          And doing jar.getEntry(current.getName()) on it, will return null, or the wrong entry (in case the names are accidentally equal).