2005-12-14 Guilhem Lavaux <guilhem@kaffe.org>

        * java/io/ObjectOutputStream.java
        (writeClassDescription): Throw an InvalidClassException if
        fields is INVALID_FIELDS.
        (lookup): Added some documentation.

        * java/io/ObjectStreamClass.java
        (setFields): Make fields as INVALID if we detect duplicate
        entries in serialPersistentFields.

2 files changed, 35 insertions, 0 deletions

diff --git a/java/io/ObjectOutputStream.java b/java/io/ObjectOutputStream.java
index 573b9cfa1..b80d9e40c 100644
--- a/java/io/ObjectOutputStream.java
+++ b/java/io/ObjectOutputStream.java
@@ -442,6 +442,10 @@ public class ObjectOutputStream extends OutputStream
         realOutput.writeByte(flags);
 
         ObjectStreamField[] fields = osc.fields;
+
+	if (fields == ObjectStreamClass.INVALID_FIELDS)
+	  throw new InvalidClassException("serialPersistentFields in class " + osc.getName() + " is invalid");
+
         realOutput.writeShort(fields.length);
 
         ObjectStreamField field;
diff --git a/java/io/ObjectStreamClass.java b/java/io/ObjectStreamClass.java
index 975dbfc66..203e4a5ab 100644
--- a/java/io/ObjectStreamClass.java
+++ b/java/io/ObjectStreamClass.java
@@ -63,6 +63,8 @@ import java.util.Vector;
 
 public class ObjectStreamClass implements Serializable
 {
+  static final ObjectStreamField[] INVALID_FIELDS = new ObjectStreamField[0];
+
   /**
    * Returns the <code>ObjectStreamClass</code> for <code>cl</code>.
    * If <code>cl</code> is null, or is not <code>Serializable</code>,
@@ -71,6 +73,11 @@ public class ObjectStreamClass implements Serializable
    * same <code>ObjectStreamClass</code> object and no recalculation
    * will be done.
    *
+   * Warning: If this class contains an invalid serialPersistentField arrays
+   * lookup will not throw anything. However {@link #getFields()} will return
+   * an empty array and {@link java.io.ObjectOutputStream#writeObject} will throw an 
+   * {@link java.io.InvalidClassException}.
+   *
    * @see java.io.Serializable
    */
   public static ObjectStreamClass lookup(Class cl)
@@ -148,6 +155,8 @@ public class ObjectStreamClass implements Serializable
    * Returns the serializable (non-static and non-transient) Fields
    * of the class represented by this ObjectStreamClass.  The Fields
    * are sorted by name.
+   * If fields were obtained using serialPersistentFields and this array
+   * is faulty then the returned array of this method will be empty.
    *
    * @return the fields.
    */
@@ -608,6 +617,28 @@ outer:
 	    fields = getSerialPersistentFields(cl);
 	    if (fields != null)
 	      {
+		ObjectStreamField[] fieldsName = new ObjectStreamField[fields.length];
+		System.arraycopy(fields, 0, fieldsName, 0, fields.length);
+
+		Arrays.sort (fieldsName, new Comparator() {
+			public int compare(Object o1, Object o2)
+			{
+			  ObjectStreamField f1 = (ObjectStreamField)o1;
+			  ObjectStreamField f2 = (ObjectStreamField)o2;
+			    
+			  return f1.getName().compareTo(f2.getName());
+			}
+		    });
+		
+		for (int i=1; i < fields.length; i++)
+		  {
+		    if (fieldsName[i-1].getName().equals(fieldsName[i].getName()))
+			{
+			    fields = INVALID_FIELDS;
+			    return;
+			}
+		  }
+
 		Arrays.sort (fields);
 		// Retrieve field reference.
 		for (int i=0; i < fields.length; i++)