8306461: ObjectInputStream::readObject() should handle negative array sizes without throwing NegativeArraySizeExceptions

[rm-gh-8]

Backporting JDK-8306461: ObjectInputStream::readObject() should handle negative array sizes without throwing NegativeArraySizeExceptions. Updates implementation to use a checked exception and adds a new test. Ran GHA Sanity Checks (passed), related ObjectInputStream tests (passed). Patch is clean.

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires a CSR request matching fixVersion 17.0.18 to be approved (needs to be created)
• JDK-8306461 needs maintainer approval

Issue

• JDK-8306461: ObjectInputStream::readObject() should handle negative array sizes without throwing NegativeArraySizeExceptions (Bug - P3 - Requested)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/4174/head:pull/4174
$ git checkout pull/4174

Update a local copy of the PR:
$ git checkout pull/4174
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/4174/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 4174

View PR using the GUI difftool:
$ git pr show -t 4174

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/4174.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back rm-gh-8! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[openjdk]

At least one of the issues associated with this backport has a resolved CSR for a different version. As this means that this backport may also need a CSR, the csr label is being added to this pull request to signal this potential requirement. The command /csr unneeded can be used to remove the label in case a CSR is not needed.

[mlbridge]

Webrevs

• 00: Full (c2b97f19)

[openjdk]

@rm-gh-8 usage: /csr [needed|unneeded], requires that the issue the pull request refers to links to an approved CSR request.

[openjdk]

@rm-gh-8 usage: /csr [needed|unneeded], requires that the issue the pull request refers to links to an approved CSR request.

[rm-gh-8]

/csr needed

[openjdk]

@rm-gh-8 an approved CSR request is already required for this pull request.

[rm-gh-8]

/approval request for backport of JDK-8306461: ObjectInputStream::readObject() should handle negative array sizes without throwing NegativeArraySizeExceptions.

Ran the new and related tests on linux-x64, linux-aarch64, macos-aarch64 and windows-x64:

(All Passed) - make test TEST=test/jdk/java/io/ObjectInputStream

Results are attached.
linux-aarch64-specific-test.log
linux-x64-specific-test.log
macos-aarch64-specific-test.log
windows-x64-specific-test.log

[openjdk]

@rm-gh-8
8306461: The approval request has been created successfully.