$length = $this->readInt(); // We don't pre-allocate the array; this prevents an allocation attack return new SSSR_BoundedList($instanceClass->getComponentType(), $length); } else { if ($instanceClass->isEnum()) { // Bypass enum transformation $ordinal = $this->readInt(); $values = $instanceClass->getEnumValues(); assert(in_array($ordinal, $values, true)); return $ordinal; } else { $constructor = $instanceClass->getConstructor(); $constructor->setAccessible(true); return $constructor->newInstance(); } } } private function validateTypeVersions(Clazz $instanceClass, SerializedInstanceReference $serializedInstRef) { $clientTypeSignature = $serializedInstRef->getSignature(); if (empty($clientTypeSignature)) { throw new SerializationException('Missin type signature for "' . $instanceClass->getFullName() . '"'); } $serverTypeSignature = SerializabilityUtilEx::getSerializationSignature($instanceClass, $this->serializationPolicy); if ($clientTypeSignature !== $serverTypeSignature) { throw new SerializationException('Invalid type signature for "' . $instanceClass->getFullName() . '"'); } } } ServerSerializationStreamReader::init();