Merge "Don't execute code before checking a class is a messagenano." am: 89ebbfb9a9
am: 72070e4cf3
Change-Id: I9a963a3dab44bcdcc23be6b2f67f9f2e2004a4d9
diff --git a/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java b/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java
index 5a4b70c..9c97439 100644
--- a/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java
+++ b/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java
@@ -38,6 +38,7 @@
import com.google.protobuf.nano.MessageNano;
import java.lang.reflect.Array;
+import java.lang.reflect.InvocationTargetException;
public final class ParcelableMessageNanoCreator<T extends MessageNano>
implements Parcelable.Creator<T> {
@@ -58,12 +59,19 @@
T proto = null;
try {
- Class<?> clazz = Class.forName(className);
- Object instance = clazz.newInstance();
+ // Check that the provided class is a subclass of MessageNano before executing any code
+ Class<?> clazz =
+ Class.forName(className, false /*initialize*/, this.getClass().getClassLoader())
+ .asSubclass(MessageNano.class);
+ Object instance = clazz.getConstructor().newInstance();
proto = (T) instance;
MessageNano.mergeFrom(proto, data);
} catch (ClassNotFoundException e) {
Log.e(TAG, "Exception trying to create proto from parcel", e);
+ } catch (NoSuchMethodException e) {
+ Log.e(TAG, "Exception trying to create proto from parcel", e);
+ } catch (InvocationTargetException e) {
+ Log.e(TAG, "Exception trying to create proto from parcel", e);
} catch (IllegalAccessException e) {
Log.e(TAG, "Exception trying to create proto from parcel", e);
} catch (InstantiationException e) {
