From 4a3efff02bfa230932dd456f247f048f55c3fed8 Mon Sep 17 00:00:00 2001
From: Darryl Mocek
Date: Mon, 4 Mar 2013 14:34:15 -0800
Subject: [PATCH] 8000638: Improve deserialization

Reviewed-by: smarks, hawtin, mchung
---
 jdk/src/share/classes/java/io/ObjectStreamClass.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/jdk/src/share/classes/java/io/ObjectStreamClass.java b/jdk/src/share/classes/java/io/ObjectStreamClass.java
index 41b116d41bc..71f278e1b94 100644
--- a/jdk/src/share/classes/java/io/ObjectStreamClass.java
+++ b/jdk/src/share/classes/java/io/ObjectStreamClass.java
@@ -1151,7 +1151,14 @@ public class ObjectStreamClass implements Serializable {
             end = end.getSuperclass();
         }
 
+        HashSet oscNames = new HashSet<>(3);
+
         for (ObjectStreamClass d = this; d != null; d = d.superDesc) {
+            if (oscNames.contains(d.name)) {
+                throw new InvalidClassException("Circular reference.");
+            } else {
+                oscNames.add(d.name);
+            }
             // search up inheritance hierarchy for class with matching name
             String searchName = (d.cl != null) ? d.cl.getName() : d.name;