author | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2016-10-03 11:31:41 +0100 |
---|---|---|
committer | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2016-10-04 13:02:03 +0000 |
commit | f4e3730d4c35aa3c0e3eff43af36e8601fc200fe (patch) | |
tree | c86ee2d2ad82b8b033ce04c5531dfe8f4956a695 /annotations/generate_annotated_java_files.py | |
parent | 24e3caf3a383921f8c45122fd38ca839c581608a (diff) |
Functional changes for java.io.[ILO]* ojdk8 port

- Change in ObjectInputStream.readSerialData.
  hg log points to change with "Serialize OIS data" in the topic.
  I found some links between topic and CVE-2015-2590, probably a
  security fix. The functional result of this change is: if there's
  a ClassNotFoundException for the current object's handle then the
  de-serialized fields are not copied/set into the current object.
  Sadly, I failed to produce the test case where object can be
  instantiated and has an exception waiting for it.
- ObjectInputStream.readExternalData added activeThread==
  context.thread checks.
- ObjectOutputStream.defaultWriteFields added a conservative
  isInstance check.
- ObjectOutputStream class checks protecting from NPE when
  writing a class descriptor object to a custom ObjectOutputStream.

Test: cts run of CtsLibcoreTestCases
Bug: 31237296
Change-Id: I315a71d8aad836bcb5ecbdd853b2d0f01adaf0f1

Diffstat (limited to 'annotations/generate_annotated_java_files.py')
0 files changed, 0 insertions, 0 deletions